6 matches found

Exploit DB
added 2015/07/21 12:0 a.m. | 31 views

SysAid Help Desk 'rdslogs' - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'zlib' class Metasploit3 "SysAid Help Desk 'rdslogs' Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerabilit...

CVSS 6.8 | AI score 7 | EPSS 0.79205
Exploits: 10

Metasploit
added 2015/07/20 9:21 p.m. | 20 views

SysAid Help Desk 'rdslogs' Arbitrary File Upload

This module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses, a remote attacker can accomplish...

CVSS 6.8 | AI score 8.1 | EPSS 0.79205
Exploits: 10

0day.today
added 2015/07/20 12:0 a.m. | 38 views

SysAid Help Desk rdslogs Arbitrary File Upload Exploit

This Metasploit module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated file uploads and handles zip file contents in an insecure way. Combining both weaknesses a remote attacker can...

CVSS 6.8 | AI score 7.4 | EPSS 0.79205
Exploits: 10

NVD
added 2015/06/08 2:59 p.m. | 12 views

CVE-2015-2995

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file...

CVSS 6.8 | AI score 7.1 | EPSS 0.79205
Exploits: 10 | References: 7

CVE
added 2015/06/08 2:0 p.m. | 42 views

CVE-2015-2995

CVE-2015-2995 affects SysAid Help Desk prior to 15.2, in the RdsLogsEntry servlet, where improper file-extension checking allows remote upload and execution of arbitrary files via a NULL byte after the extension (e.g., .war%00). Connected sources confirm a concrete exploit surface, including a Me...

CVSS 6.8 | AI score 7.2 | EPSS 0.79205
Exploits: 10 | References: 7 | Affected Software: 1

Cvelist
added 2015/06/08 2:0 p.m. | 15 views

CVE-2015-2995

The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file...

AI score 7.1 | EPSS 0.79205
Exploits: 10 | References: 7