Vulnerability & Exploit Database

Back to search

HP SiteScope issueSiebelCmd Remote Code Execution

This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/http/hp_sitescope_issuesiebelcmd

Authors

  • rgod <rgod [at] autistici.org>
  • juan vazquez <juan.vazquez [at] metasploit.com>

References

Targets

  • HP SiteScope 11.20 / Windows
  • HP SiteScope 11.20 / Linux

Platforms

  • windows
  • unix

Architectures

  • x86
  • cmd
  • x86
  • cmd

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/hp_sitescope_issuesiebelcmd msf exploit(hp_sitescope_issuesiebelcmd) > show targets ...targets... msf exploit(hp_sitescope_issuesiebelcmd) > set TARGET <target-id> msf exploit(hp_sitescope_issuesiebelcmd) > show options ...show and set options... msf exploit(hp_sitescope_issuesiebelcmd) > exploit