Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WebUI 1.5b6 - Remote Code Execution" module is designed to detect a vulnerability in the WebUI 1.5b6 software. This vulnerability allows remote attackers to execute arbitrary code through the "mainfile.php" endpoint by exploiting the "Logon" parameter. The severity of this vulnerability is classified as critical, with a CVSS score of 10.
This module was authored by pikpikcu.
If successfully exploited, this vulnerability can lead to remote code execution on the target system. Attackers can execute arbitrary code, potentially gaining unauthorized access, manipulating data, or causing further damage to the system.
The module sends an HTTP GET request to the "/mainfile.php" endpoint with specific parameters. It then checks the response for two matching conditions:
If both conditions are met, the module reports a vulnerability.
Example HTTP request:
GET /mainfile.php?username=test&password=testpoc&_login=1&Logon=%27%3Becho%20md5(TestPoc)%3B%27
This module is part of the Vidoc platform, which utilizes multiple modules to perform scanning and testing for various misconfigurations, vulnerabilities, and software fingerprints.