This Metasploit module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It has been verified to work on at least versions 1.4.1 and 1.6.2.
4719452255874c71f8d0b9c9d1065c938d1a02c4240afad5a85654a333b0db20This Metasploit module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using REST.
51902f7e6af771ea7983f5300fc1027caf680459a29103bb46b1f0994f2206fcThis Metasploit module logins to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.
d25079aca4be2ff7c1b9c1e7d10524631a0690cd4f3947fe48034950306d88a5Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.
226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed