Hackerfrens, it is with a mixture of joy, pride, shame and confusion, that I present to you an exploit for OpenTSDB <= 2.4.1 (CVE-2023-36812) written in modern Fortran. Yes, Fortran. I used the http-client lib they added this year. Check it out here: https://github.com/ErikWynter/opentsdb_key_cmd_injection
GitHub - ErikWynter/opentsdb_key_cmd_injection: An exploit for OpenTSDB <= 2.4.1 cmd injection (CVE-2023-36812/CVE-2023-25826) written in Fortran

For all you boring nerds who need something they can use on a pentest, I've also written a Metasploit module. PR is open here: https://github.com/rapid7/metasploit-framework/pull/18350
Add opentsdb_key_cmd_injection exploit module and docs by ErikWynter · Pull Request #18350 · rapid7/metasploit-framework

About: This change adds an exploit module and docs for an unauthenticated command injection vulnerability in OpenTSDB through 2.4.1 (CVE-2023-36812/CVE-2023-25826). Vulnerable Application: OpenTSDB t...
