Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

OpenCPU - Remote Code Execution

By kannthu

Critical
Vidoc logoVidoc Module
#rce#opencpu#oss
Description

What is "OpenCPU - Remote Code Execution?"

The "OpenCPU - Remote Code Execution" module is designed to detect the presence of a remote code execution vulnerability in OpenCPU, an open-source software system for embedded scientific computing and reproducible research. This module is classified as critical severity, indicating the potential for significant harm if exploited.

This module was authored by wa1tf0rme.

Impact

If the "OpenCPU - Remote Code Execution" vulnerability is present and successfully exploited, an attacker could execute arbitrary code on the target system. This could lead to unauthorized access, data breaches, and potential compromise of the entire system.

How does the module work?

The "OpenCPU - Remote Code Execution" module works by sending a specific HTTP request to the target system and then analyzing the response to determine if the vulnerability is present. The module uses the following matching conditions:

- The HTTP request path must match "/ocpu/library/base/R/do.call/json". - The HTTP request method must be "POST". - The HTTP request must have the "Content-Type" header set to "application/x-www-form-urlencoded". - The response must contain the words "uid=" and "gid=". - The response status code must be 201.

If all of these conditions are met, the module will report a vulnerability.

Here is an example of the HTTP request sent by the module:

POST /ocpu/library/base/R/do.call/json
Content-Type: application/x-www-form-urlencoded

[request body]

It is important to note that this is just one test case performed by the Vidoc platform, which utilizes multiple modules to conduct comprehensive scanning.

For more information, you can refer to the following resources:

- https://pulsesecurity.co.nz/articles/R-Shells - https://github.com/opencpu/opencpu/

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
POST/ocpu/library/base/R...
Headers

Content-Type: application/x-www-fo...

Matching conditions
word: uid=, gid=and
status: 201
Passive global matcher
No matching conditions.
On match action
Report vulnerability