/// File Name: |
piranha_passwd_exec.rb.txt |
Description:
|
This Metasploit module abuses two flaws - a meta-character injection vulnerability in the HTTP management server of RedHat 6.2 systems running the Piranha LVS cluster service and GUI (rpm packages: piranha and piranha-gui). The vulnerability allows an authenticated attacker to execute arbitrary commands as the Apache user account (nobody) within the /piranha/secure/passwd.php3 script. The package installs with a default user and password of piranha:q which was exploited in the wild.
|
Author: | patrick |
Homepage: | http://www.metasploit.com |
File Size: | 3041 |
Related OSVDB(s): | 1300,289 |
Related CVE(s): | CVE-2000-0322, CVE-2000-0248 |
Last Modified: | Feb 15 17:14:30 2010 |
MD5 Checksum: | f67f90a640b118d5d59f7d2fd5dcfd0e |