Exploit HP OpenView Radia Management Portal 1.0/2.0 - Remote Command Execution

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
25557
Проверка EDB
  1. Пройдено
Автор
DAVID MORGAN
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2005-1370
Дата публикации
2005-04-28
Код:
source: https://www.securityfocus.com/bid/13414/info

A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a directory traversal issue that will permit a remote user to execute any program on the affected computer.

An unauthenticated, remote attacker may leverage this issue to execute arbitrary commands on an affected computer with Local System privileges on the Microsoft Windows platform and elevated privileges on UNIX-based platforms. 

bash$ printf "\x00\x00\x00../../windows/system32/whoami.exe\x00" | nc -v
xx.xx.xx.xx 1065
 
Источник
www.exploit-db.com

Похожие темы