Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution

Posted by deepcore on August 6, 2016 – 7:47 am

This is an exploit against Samsung Security Manager that bypasses the patch in CVE-2015-3435 by exploiting the vulnerability against the client side. This exploit has been tested successfully against IE, FireFox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally, a traversal is used in the PUT request to upload the code just where we want it and gain Remote Code Execution as SYSTEM.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://www.dgr.go.th/bgepa/chaing_rai/index.html PHP Power Browse 1.2 Path Traversal »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL