Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload Version 2
Posted by deepcore on November 14, 2015 – 3:47 pm
This Metasploit module exploits a vulnerability found in Uptime versions 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place prevents uptime_file_upload_1.rb from working, it can still be bypassed: the attacker can gain privilege escalation, upload a file again, and execute arbitrary commands.