
Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability

Metasploit Framework is susceptible to a restriction bypass vulnerability in msfweb. This issue is due to a failure of the application to properly implement access control restrictions.

This issue allows remote attackers to bypass security restrictions in the affected Web server. Attackers may exploit this issue to attack arbitrary computers using the Metasploit Framework, while originating the attacks from the computer hosting the vulnerable msfweb process.

Attackers may also interact with the payload features in the Metasploit Framework to manipulate files on the hosting computer, likely leading to arbitrary command execution and then complete system compromise.

It should be noted that the Metasploit Framework documentation specifies that msfweb should not be globally accessible, due to potential security problems.







 

Copyright 2009, SecurityFocus