CVE-2019-12725

This Metasploit module exploits an unauthenticated command injection vulnerability in ZeroShell 3.9.0 via the '/cgi-bin/kerbynet' endpoint, leveraging sudo misconfiguration to execute arbitrary commands as root using tar's checkpoint feature.

This exploit leverages a command injection vulnerability in ZeroShell 3.9.0 via the 'x509type' parameter in the '/cgi-bin/kerbynet' endpoint. It allows remote command execution by injecting commands between newline characters.

The repository contains a functional Python exploit for CVE-2021-36749, an arbitrary file read vulnerability in Apache Druid. The exploit sends a crafted JSON payload to the Druid sampler endpoint to read files from the target system.

This PoC exploits a command injection vulnerability in ZeroShell 3.9.0 and below by injecting a payload into the 'x509type' parameter via newline characters (%0a), bypassing a previous fix. It demonstrates remote command execution as root by leveraging the 'sudo tar' command with checkpoint actions.

The repository contains a functional Python exploit for CVE-2019-12725, a remote command execution vulnerability in ZeroShell 3.9.0. The exploit leverages command injection via the 'x509type' parameter in the '/cgi-bin/kerbynet' endpoint, allowing unauthenticated attackers to execute arbitrary commands.

This Python script exploits a command injection vulnerability in Zyxel NAS devices by injecting commands into the 'x509type' parameter of the '/cgi-bin/kerbynet' endpoint. It allows remote command execution via a crafted HTTP GET request.

This repository contains a functional exploit for CVE-2019-12725, a remote command execution vulnerability in ZeroShell. The exploit leverages a command injection flaw in the 'kerbynet' CGI script via the 'x509type' parameter, using 'sudo tar' with checkpoint actions to execute arbitrary commands.

This repository contains a functional exploit for CVE-2019-12725, a remote command execution vulnerability in ZeroShell 3.9.0. The exploit leverages a command injection flaw in the `/cgi-bin/kerbynet` endpoint by manipulating the `x509type` parameter to execute arbitrary commands with elevated privileges.

The repository contains a functional Python script that exploits CVE-2019-12725, a command injection vulnerability in ZeroShell. The exploit sends crafted HTTP requests to execute arbitrary commands via the 'x509type' parameter in the '/cgi-bin/kerbynet' endpoint.

This repository contains a functional exploit for CVE-2019-12725, a remote command execution vulnerability in ZeroShell 3.9.0. The exploit leverages a command injection flaw in the 'x509type' parameter of the '/cgi-bin/kerbynet' endpoint to execute arbitrary commands with elevated privileges.