Sysaid 20.1.11 b26 - Remote Command Execution

ID EDB-ID:48188
Type exploitdb
Reporter Exploit-DB
Modified 2020-03-10T00:00:00


                                            # Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution
# Google Dork: intext:"Help Desk Software by SysAid <>"
# Date: 2020-03-09
# Exploit Author: Ahmed Sherif
# Vendor Homepage:
# Software Link: [
# Version:  Sysaid v20.1.11 b26
# Tested on: Windows Server 2016
# CVE : None

GhostCat Attack

The default
installation of Sysaid is enabling the exposure of AJP13 protocol which is used
by tomcat instance, this vulnerability has been released recently on
different blogposts


[image: image.png]

attacker would be able to exploit the vulnerability and read the Web.XML of
Unauthenticated File Upload

It was
found on the Sysaid application that an attacker would be able to upload files
without authenticated by directly access the below link:


In the above screenshot, it shows that an attacker can execute commands
in the system without any prior authentication to the system.