CVE-2019-16662

Published: 28/10/2019 Updated: 29/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

Vulnerable Product

rconfig rconfig 3.9.2

Exploits

# Exploit Title: rConfig 3.9.2 - Remote Code Execution # Date: 2019-09-18 # Exploit Author: Askar # Vendor Homepage: rconfig.com/ # Software link: rconfig.com/download # Version: v3.9.2 # Tested on: CentOS 7.7 / PHP 7.2.22 # CVE : CVE-2019-16662 #!/usr/bin/python import requests import sys from urllib import quote from requestspa ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(info, ...
rConfig version 3.9.2 suffers from a remote code execution vulnerability ...
This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested success ...

Github Repositories

The official exploit for rConfig 3.9.2 Post-auth Remote Code Execution CVE-2019-16663

CVE-2019-16663: The official exploit code for Centreon v19.04 Remote Code Execution CVE-2019-16662

New Found 0-days!

CVE-2019-19268. Affected Version: rConfig 3.9.2. [Description] Multiple attack vectors in rConfig v3.9.2 due to misconfiguration, which allows local users to execute root commands via sudo. [Discoverers] dmw0ng - Discord: dmw0ng#4449; TheCyberGeek - Discord: TheCyberGeek#1892, Email: cybergeek19@protonmail.com. The Sudo configuration in rConfig 3.9.2 gives the apache user access

The official exploit for rConfig 3.9.2 Pre-auth Remote Code Execution CVE-2019-16662

CVE-2019-16662: The official exploit for rConfig 3.9.2 Remote Code Execution CVE-2019-16662

Vulnerable rConfig Images: Demo images for CVE-2019-16662 and CVE-2019-16663. Info: This repository contains the setup to create two docker images running rConfig 3.9.2. Each image contains an /exploit.py to trigger the vulnerability. For further info have a look at the corresponding blog post. Run: You can just pull the image from docker hub: docker run -it fab1ano/cve-2019-1666[