Artica Proxy 4.30.000000 Authentication Bypass / Command Injection

Posted on 23 September 2020

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system.