Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stock Management System (SMS) v1.0 RCE vulnerability exploit #19782

Open
a7med-tal3at opened this issue Jan 1, 2025 · 1 comment
Open

Stock Management System (SMS) v1.0 RCE vulnerability exploit #19782

a7med-tal3at opened this issue Jan 1, 2025 · 1 comment
Assignees
@bwatters-r7
Labels
suggestion-module New module suggestions

Comments

@a7med-tal3at
Copy link

Summary

Brief explanation of the module.
This module exploits an authenticated RCE vulnerability in Stock Management System (SMS) v1.0

Basic example

https://medium.com/@n0pTeX/an-authenticated-rce-stock-management-system-v1-0-sms-v1-0-18f0a41b70dc

Motivation

Exploiting an RCE vulnerability and gain access on the system with a meterpreter session
@a7med-tal3at a7med-tal3at added the suggestion-module New module suggestions label Jan 1, 2025
@bwatters-r7 bwatters-r7 self-assigned this Jan 6, 2025
@bwatters-r7
Copy link
Contributor

Is this Stock Management System something people would be likely to find out in the wild?
I'd search online, but the name "Stock Management System" and "SMS" are not really conducive to internet searching 😆
Also, there's a hidden redirect in the Stock Management documentation for a link that says it goes to apachefriends.org, but sends you to a malware server/Microsoft impersonation page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bwatters-r7 bwatters-r7

Labels
suggestion-module New module suggestions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bwatters-r7 @a7med-tal3at