Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-15029 PoC — FusionPBX 命令注入漏洞

Source
https://github.com/mhaskar/CVE-2019-15029
Associated Vulnerability
Title:FusionPBX 命令注入漏洞 (CVE-2019-15029)
Description:FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
Description
The official exploit code for FusionPBX v4.4.8 Remote Code Execution CVE-2019-15029
Readme
# CVE-2019-15029
The official exploit code for FusionPBX v4.4.8 Remote Code Execution CVE-2019-15029

## Metasploit Module 

I wrote a simple Metasploit module to exploit this issue `fusionpbx_services.rb`, you just have to download it and copy it into metasploit modules directory.

![FusionPBX metasploit module](FusionPBX-metasploit.png)
File Snapshot

 [4.0K]  /data/pocs/3890d5d19ad97dc35e7b9d7c0a9f5ba8b7d3c94f
├── [2.3K]  FusionPBX-exploit.py
├── [858K]  FusionPBX-metasploit.png
├── [4.5K]  fusionpbx_services.rb
└── [ 341]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →