.. / CVE-2017-11610

Exploit for XML-RPC Server - Remote Code Execution (CVE-2017-11610)

Description:

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups.

Nuclei Template

View the template here CVE-2017-11610.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-11610.yaml

References:

http://www.debian.org/security/2017/dsa-3942
https://nvd.nist.gov/vuln/detail/CVE-2017-11610
https://lists.fedoraproject.org/archives/list/[email protected]/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/supervisor_xmlrpc_exec.md
https://lists.fedoraproject.org/archives/list/[email protected]/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/

.. / CVE-2017-11610 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for XML-RPC Server - Remote Code Execution (CVE-2017-11610)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2017-11610