Vulnerability & Exploit Database

Back to search

Samsung Security Manager 1.4 ActiveMQ Broker Service PUT Method Remote Code Execution

This is an exploit against Samsung Security Manager that bypasses the patch in ZDI-15-156 & ZDI-16-481 by exploiting the vulnerability against the client-side. This exploit has been tested successfully using IE, FireFox and Chrome by abusing a GET request XSS to bypass CORS and reach the vulnerable PUT. Finally a traversal is used in the PUT request to upload the code just where we want it and gain RCE as SYSTEM.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/browser/samsung_security_manager_put

Authors

  • mr_me <mr_me [at] offensive-security.com>

References

Targets

  • Samsung Security Manager 1.32 & 1.4 Universal

Platforms

  • windows

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/samsung_security_manager_put msf exploit(samsung_security_manager_put) > show targets ...targets... msf exploit(samsung_security_manager_put) > set TARGET <target-id> msf exploit(samsung_security_manager_put) > show options ...show and set options... msf exploit(samsung_security_manager_put) > exploit