METASPLOIT-modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb

METASPLOIT ruby WORKING POC
Exploit for CVE-2019-25066 - ajenti <2.1.31 - Privilege Escalation
AI Analysis

This Metasploit module exploits a command injection vulnerability in Ajenti 2.1.31 by injecting a Python payload into the username parameter during authentication. It leverages the API endpoint `/api/core/auth` to execute arbitrary commands, resulting in remote code execution.

Attack Type: RCE
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1190 - Exploit Public-Facing Application; T1059 - Command and Scripting Interpreter
Source
Platform: Metasploit
Type: poc
Platform: python
Language: ruby
Rank: excellent
Files: 1

Vulnerability
CVE-2019-25066
ajenti <2.1.31 - Privilege Escalation
MEDIUM (CVSS 6.3)