2022
02.05

This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to “/data-service/users/[userid]” with any low-authority user returns other users’ information in response. The encrypted password information is included here, but privilege escalation is also possible with the active sessionid value.

No Comment.

Add Your Comment

You must be logged in to post a comment.