7 matches found
Metasploit Wrap-Up
Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource...
CVE-2020-7388
Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...
Design/Logic Flaw
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...
CVE-2020-7388
CVE-2020-7388 affects Sage X3 AdxAdmin/AdxDSrv.exe, allowing unauthenticated RCE as SYSTEM by editing the client authentication request. The flaw bypasses credential validation; attacker may need to know the installation path (information learnable via CVE-2020-7387). Root cause involves the logi...
Sage X3 Administration Service Authentication Bypass Command Execution
This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. Module Options msf use exploit/windows/sage/x3adxsrvauthbypasscmdexec msf...
Sage X3 Administration Service Authentication Bypass / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...
CVE-2020-7388
creationtimestamp| type| source ---|---|--- 2021-07-09 16:05:11+00:00| seen| https://t.me/truesecator/1904 2021-07-21 01:45:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/sage/x3adxsrvauthbypasscmdexec.rb 2021-09-21 04:41:55+00:00| seen|...