Friday, December 11, 2020

Aerospike Database UDF Lua Code Execution

Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.
Aerospike Database UDF Lua Code Execution
 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated