CVE-2012-4869

This exploit targets a Local File Inclusion (LFI) vulnerability in Elastix 2.2.0 (CVE-2012-4869) to achieve remote code execution (RCE) via command injection in the callme_page.php endpoint. It uses a Perl reverse shell payload and bypasses TLS certificate verification.

This Metasploit module exploits a code injection vulnerability in FreePBX versions 2.10.0 and 2.9.0 via the 'callmenum' parameter in callme_page.php, allowing remote command execution. The exploit sends a crafted HTTP GET request with a payload encoded in the URI to trigger the vulnerability.

This exploit targets a pre-authenticated remote code execution vulnerability in FreePBX and Elastix by injecting a reverse shell payload via a malformed URL parameter. The payload leverages Perl to establish a reverse shell connection to the attacker's specified host and port.

This exploit demonstrates a remote command execution (RCE) vulnerability in FreePBX due to missing input sanitization in the `callme_page.php` file, allowing arbitrary system commands to be executed via crafted HTTP requests. It also includes multiple XSS vulnerabilities in various endpoints.

This Metasploit module exploits a code injection vulnerability in FreePBX versions 2.10.0 and 2.9.0 via the 'callmenum' parameter in callme_page.php, allowing remote command execution. It iterates over a range of extensions to trigger the payload.