Dell KACE K1000 File Upload
Posted by deepcore on April 14, 2016 – 11:16 am
This Metasploit module exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands under the context of the ‘www’ user. This Metasploit module also abuses the ‘KSudoClient::RunCommandWait’ function to gain root privileges. This Metasploit module has been tested successfully with Dell KACE K1000 version 5.3.
Post a reply
You must be logged in to post a comment.