(0Day) HP SiteScope SOAP Call loadFileContent Remote Code Execution Vulnerability

ID ZDI-12-177
Type zdi
Reporter Andrea Micalizzi aka rgod
Modified 2012-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability.

The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is loadFileContent() which will return the content of any local file on the server including the configuration files containing password information. This can lead to remote code execution under the context of the current process.