module
Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload
| Disclosed | Created |
|---|---|
| Nov 19, 2013 | May 30, 2018 |
Disclosed
Nov 19, 2013
Created
May 30, 2018
Description
This module exploits an arbitrary file upload vulnerability found within the Up.Time
monitoring server 7.2 and below. A malicious entity can upload a PHP file into the
webroot without authentication, leading to arbitrary code execution.
Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly
mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use
exploits/multi/http/uptime_file_upload_2.
monitoring server 7.2 and below. A malicious entity can upload a PHP file into the
webroot without authentication, leading to arbitrary code execution.
Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly
mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use
exploits/multi/http/uptime_file_upload_2.
Author
Denis Andzakovic [email protected]
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.