10 matches found
Metasploit Wrap-Up
Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource...
CVE-2020-7387
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...
CVE-2020-7388
Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...
Design/Logic Flaw
Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...
CVE-2020-7388 Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing
Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...
CVE-2020-7387
Sage X3 CVE-2020-7387 concerns an Installation Pathname Disclosure in AdxDSrv.exe. A crafted packet can trigger a response revealing the product installation directory. The vulnerability can be chained with CVE-2020-7388 to enable full RCE. Remediation: AdxAdmin 93.2.53 and associated updates for...
Sage X3 Administration Service Authentication Bypass Command Execution
This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. Module Options msf use exploit/windows/sage/x3adxsrvauthbypasscmdexec msf...
Sage X3 AdxAdmin Login Scanner
This module allows an attacker to perform a password guessing attack against the Sage X3 AdxAdmin service, which in turn can be used to authenticate to a local Windows account. This module implements the X3Crypt function to 'encrypt' any passwords to be used during the authentication process, giv...
Sage X3 Administration Service Authentication Bypass / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...
CVE-2020-7387
creationtimestamp| type| source ---|---|--- 2021-07-09 02:21:11+00:00| seen| https://t.me/CyberSecurityTechnologies/3794 2021-07-09 16:05:11+00:00| seen| https://t.me/truesecator/1904 2021-07-21 01:45:10+00:00| seen|...