infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do minor style cleanup

bug/bundler_fix
jvazquez-r7 2015-05-01 13:56:48 -05:00
parent d38adef5cc
commit 093c2e3ace
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
1 changed files with 13 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
modules/exploits/multi/http/zcm_file_upload.rb
View File

@ -14,17 +14,15 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Novell ZENworks Configuration Management Arbitrary File Upload',
'Description' => %q{
This module exploits a file upload vulnerability in Novell ZENworks
Configuration Management (ZCM, which is part of the ZENworks Suite).
The vulnerability exists in UploadServlet which accepts unauthenticated
file uploads and does not check the "uid" parameter for directory traversal
characters. This allows an attacker to write anywhere in the file system,
and can be abused to deploy a WAR file in the Tomcat webapps directory.
ZCM up to (and including) 11.3.1 is vulnerable to this attack. This module
has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note
that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also
has a Metasploit exploit, but it abuses a different parameter of the same
servlet.
This module exploits a file upload vulnerability in Novell ZENworks Configuration
Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in
the UploadServlet which accepts unauthenticated file uploads and does not check the
"uid" parameter for directory traversal characters. This allows an attacker to write
anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat
webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack.
This module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note
that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a
Metasploit exploit, but it abuses a different parameter of the same servlet.
},
'Author' =>
[
@ -33,10 +31,10 @@ class Metasploit3 < Msf::Exploit::Remote
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2015-0779' ],
[ 'OSVDB', '120382' ],
[ 'URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/generic/zenworks_zcm_rce.txt' ],
[ 'URL', 'http://seclists.org/fulldisclosure/2015/Apr/21' ]
['CVE', '2015-0779'],
['OSVDB', '120382'],
['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/generic/zenworks_zcm_rce.txt'],
['URL', 'http://seclists.org/fulldisclosure/2015/Apr/21']
],
'DefaultOptions' => { 'WfsDelay' => 30 },
'Privileged' => true,