module

NFR Agent FSFUI Record File Upload RCE

Try Surface Command
Back to search
Disclosed
Nov 16, 2012
Created
May 30, 2018

Description

NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload
arbitrary files via a directory traversal while handling requests to /FSF/CMD with
FSFUI records with UICMD 130. This module has been tested successfully against NFR
Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).

Author

juan vazquez [email protected]

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/windows/novell/file_reporter_fsfui_upload
    msf exploit(file_reporter_fsfui_upload) > show targets
        ...targets...
    msf exploit(file_reporter_fsfui_upload) > set TARGET < target-id >
    msf exploit(file_reporter_fsfui_upload) > show options
        ...show and set options...
    msf exploit(file_reporter_fsfui_upload) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today