(0Day) HP SiteScope UploadFilesHandler Remote Code Execution Vulnerability

ID ZDI-12-174
Type zdi
Reporter Andrea Micalizzi aka rgod
Modified 2012-06-22T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw is a directory traversal in the UploadFilesHandler URL that allows files to be uploaded into a directory on the server that permits scripting. This vulnerability could lead to remote code execution in the context of the current process.