infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix my own blasted typo, ty @wvu-r7

bug/bundler_fix
Tod Beardsley 2015-07-20 17:14:13 -05:00
parent 2052b4ef56
commit cadb03bac0
No known key found for this signature in database
GPG Key ID: BD63D0A3EA19CAAC
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb
View File

@ -18,7 +18,7 @@ class Metasploit3 < Msf::Exploit::Remote
'Description' => %q{
This module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4.
The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated
file uploads and handles zip file contents in a insecure way. By combinding both weaknesses,
file uploads and handles zip file contents in a insecure way. By combining both weaknesses,
a remote attacker can accomplish remote code execution. Note that this will only work if the
target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduces a protection
against null byte injection in file names. This module has been tested successfully on version