module
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
Disclosed | Created |
---|---|
Apr 15, 2009 | May 30, 2018 |
Disclosed
Apr 15, 2009
Created
May 30, 2018
Description
This module allows remote attackers to place arbitrary files on a users file system
by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
Author
MC mc@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.