Vulnerability & Exploit Database

Back to search

Disk Pulse Enterprise GET Buffer Overflow

This module exploits an SEH buffer overflow in Disk Pulse Enterprise 9.9.16. If a malicious user sends a crafted HTTP GET request it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/http/disk_pulse_enterprise_get

Authors

  • Chance Johnson
  • Nipun Jaswal & Anurag Srivastava

References

Targets

  • Disk Pulse Enterprise 9.9.16

Platforms

  • windows

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/http/disk_pulse_enterprise_get msf exploit(disk_pulse_enterprise_get) > show targets ...targets... msf exploit(disk_pulse_enterprise_get) > set TARGET <target-id> msf exploit(disk_pulse_enterprise_get) > show options ...show and set options... msf exploit(disk_pulse_enterprise_get) > exploit