module
Idera Up.Time Monitoring Station 7.4 post2file.php Arbitrary File Upload
| Disclosed | Created |
|---|---|
| 2013-11-18 | 2018-05-30 |
Disclosed
2013-11-18
Created
2018-05-30
Description
This module exploits a vulnerability found in Uptime version 7.4.0 and 7.5.0.
The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php,
which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated
by the vendor.
Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it
can still be bypassed and gain privilege escalation, and allows the attacker to upload file
again, and execute arbitrary commands.
The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php,
which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated
by the vendor.
Although the mitigation in place will prevent uptime_file_upload_1.rb from working, it
can still be bypassed and gain privilege escalation, and allows the attacker to upload file
again, and execute arbitrary commands.
Authors
Denis Andzakovic
Ewerson Guimaraes(Crash) crash@dclabs.com.br
Gjoko Krstic(LiquidWorm) gjoko@zeroscience.mk
Ewerson Guimaraes(Crash) crash@dclabs.com.br
Gjoko Krstic(LiquidWorm) gjoko@zeroscience.mk
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.