module
Ahsay Backup v7.x-v8.1.1.50 (authenticated) file upload
| Disclosed | Created |
|---|---|
| 2019-06-01 | 2019-07-23 |
Disclosed
2019-06-01
Created
2019-07-23
Description
This module exploits an authenticated insecure file upload and code
execution flaw in Ahsay Backup v7.x - v8.1.1.50. To succesfully execute
the upload credentials are needed, default on Ahsay Backup trial
accounts are enabled so an account can be created.
It can be exploited in Windows and Linux environments to get remote code
execution (usualy as SYSTEM). This module has been tested successfully
on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this
flaw all connected clients can be configured to execute a command before
the backup starts. Allowing an attacker to takeover even more systems
and make it rain shells!
Setting the CREATEACCOUNT to true will create a new account, this is
enabled by default.
If credeantials are known enter these and run the exploit.
execution flaw in Ahsay Backup v7.x - v8.1.1.50. To succesfully execute
the upload credentials are needed, default on Ahsay Backup trial
accounts are enabled so an account can be created.
It can be exploited in Windows and Linux environments to get remote code
execution (usualy as SYSTEM). This module has been tested successfully
on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this
flaw all connected clients can be configured to execute a command before
the backup starts. Allowing an attacker to takeover even more systems
and make it rain shells!
Setting the CREATEACCOUNT to true will create a new account, this is
enabled by default.
If credeantials are known enter these and run the exploit.
Author
Wietse Boonstra
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.