module
Project Pier Arbitrary File Upload Vulnerability
| Disclosed | Created |
|---|---|
| 2012-10-08 | 2018-05-30 |
Disclosed
2012-10-08
Created
2018-05-30
Description
This module exploits a vulnerability found in Project Pier. The application's
uploading tool does not require any authentication, which allows a malicious user
to upload an arbitrary file onto the web server, and then cause remote code
execution by simply requesting it. This module is known to work against Apache
servers due to the way it handles an extension name, but the vulnerability may
not be exploitable on others.
uploading tool does not require any authentication, which allows a malicious user
to upload an arbitrary file onto the web server, and then cause remote code
execution by simply requesting it. This module is known to work against Apache
servers due to the way it handles an extension name, but the vulnerability may
not be exploitable on others.
Authors
BlackHawk
sinn3r sinn3r@metasploit.com
sinn3r sinn3r@metasploit.com
Platform
Linux,PHP
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.