HP Smart Storage Administrator 2.30.6.0 Remote Command Injection
Posted by deepcore on February 11, 2017 – 6:45 pm
This Metasploit module exploits a vulnerability found in HP Smart Storage Administrator. By supplying a specially crafted HTTP request, it is possible to control the ‘command’ variable in function isDirectFileAccess (found in ipcelmclient.php), which will be used in a proc_open() function. Versions prior to HP SSA 2.60.18.0 are vulnerable.
Post a reply
You must be logged in to post a comment.