H3c IMC - Remote Code Execution

What is "H3c IMC - Remote Code Execution?"

The "H3c IMC - Remote Code Execution" module is designed to detect a critical vulnerability in the H3c IMC software. H3c IMC is a web application used for network management and monitoring. This vulnerability allows remote unauthenticated attackers to execute arbitrary commands on the target system. The severity of this vulnerability is classified as critical, with a CVSS score of 10.

This module was authored by pikpikcu.

Impact

If exploited, this vulnerability can lead to unauthorized access and control of the target system. Attackers can execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of the system. This can result in data breaches, unauthorized modifications, and disruption of services.

How the module works?

The "H3c IMC - Remote Code Execution" module sends a specially crafted HTTP POST request to the target system's "dynamiccontent.properties.xhtml" endpoint. The request includes a payload that contains the command to be executed on the target system.

The module then performs two matching conditions to determine if the vulnerability is present:

- The first condition checks the response body for the presence of specific patterns, such as "root:.*:0:0:" and "[fonts|extensions|files]". - The second condition checks if the HTTP response status code is 200.

If both conditions are met, the module reports the vulnerability, indicating that the target system is vulnerable to remote code execution.