Module Name: Remote Command Injection Shell Interface
Module path: exploitation/injection/command_injector


BASE_URL:
BASIC_PASS:
BASIC_USER:
COOKIE:
MARK_END:
MARK_START:
PARAMETERS:
POST:


Name: Remote Command Injection Shell Interface
Path: modules/exploitation/injection/command_injector.py
Author: Tim Tomes (@LaNMaSteR53)

Description:
Provides a shell interface for remote command injection flaws in web applications.

Options:
Name Current Value Required Description
BASE_URL yes the target resource url excluding any parameters
BASIC_PASS no password for basic authentication
BASIC_USER no username for basic authentication
COOKIE no cookie string containing authenticated session data
MARK_END no string to match page content following the command output
MARK_START no string to match page content preceding the command output
PARAMETERS yes the query parameters with '<rce>' signifying the value of the vulnerable parameter
POST False yes set the request method to post. parameters should still be submitted in the url option