Vulnerability & Exploit Database

Back to search

Manage Engine Exchange Reporter Plus Unauthenticated RCE

This module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus <= 5310, caused by execution of bcp.exe file inside ADSHACluster servlet

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/http/manageengine_adshacluster_rce

Authors

  • Kacper Szurek <kacperszurek [at] gmail.com>

References

Targets

  • Automatic

Platforms

  • windows

Architectures

  • x86
  • x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/http/manageengine_adshacluster_rce msf exploit(manageengine_adshacluster_rce) > show targets ...targets... msf exploit(manageengine_adshacluster_rce) > set TARGET <target-id> msf exploit(manageengine_adshacluster_rce) > show options ...show and set options... msf exploit(manageengine_adshacluster_rce) > exploit