ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'ATutor 2.2.1 Directory Traversal / Remote Code Execution', 'Description' = %q This module exploits a directory traversal...

ATutor 2.2.1 Directory Traversal / Remote Code Execution

This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with displayerrors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to...