Fix metadata
parent
d6a1182bd4
commit
891a54aad7
|
@ -19,11 +19,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a vulnerability found in Western Digital Arkeia Appliance
|
||||
version 10.0.10 and lower. By abusing the upload.php file from the scripts directory,
|
||||
a malicious user can upload arbitrary code to the ApplianceUpdate file in
|
||||
the tmp directory without any authentication. Abusing the local file inclusion in
|
||||
the lang cookie to parse this file, results in arbitrary code execution, also without
|
||||
any authentication. The module has been tested successfully on Arkeia 10.0.10.
|
||||
The issues have been fixed in version 10.1.10.
|
||||
a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp
|
||||
directory without any authentication. Abusing the local file inclusion in the lang
|
||||
cookie to parse this file, results in arbitrary code execution, also without any
|
||||
authentication. The module has been tested successfully on Arkeia 10.0.10. The issues
|
||||
have been fixed in version 10.1.10.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
@ -40,7 +40,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
[
|
||||
['Western Digital Arkeia Appliance 10.0.10', {}]
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Privileged' => true,
|
||||
'DisclosureDate' => "Sep 16 2013",
|
||||
'DefaultTarget' => 0))
|
||||
|
||||
|
|
Loading…
Reference in New Issue