CVE-2019-15029 PoC — FusionPBX 命令注入漏洞

Source

https://github.com/mhaskar/CVE-2019-15029

Associated Vulnerability

Title:FusionPBX 命令注入漏洞 (CVE-2019-15029)
Description:FusionPBX是一套可扩展、多线程的通信平台。该平台可作为呼叫中心服务器、传真服务器、voip服务器、语音邮件服务器、会议服务器和语音应用服务器等。 FusionPBX 4.4.8版本中存在安全漏洞。攻击者可通过向service_edit.php文件提交恶意的命令利用该漏洞执行任意的系统命令。

Description

The official exploit code for FusionPBX v4.4.8 Remote Code Execution CVE-2019-15029

Readme

# CVE-2019-15029
The official exploit code for FusionPBX v4.4.8 Remote Code Execution CVE-2019-15029

## Metasploit Module 

I wrote a simple Metasploit module to exploit this issue `fusionpbx_services.rb`, you just have to download it and copy it into metasploit modules directory.

![FusionPBX metasploit module](FusionPBX-metasploit.png)

File Snapshot


 [4.0K]  /data/pocs/3890d5d19ad97dc35e7b9d7c0a9f5ba8b7d3c94f
├── [2.3K]  FusionPBX-exploit.py
├── [858K]  FusionPBX-metasploit.png
├── [4.5K]  fusionpbx_services.rb
└── [ 341]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!