logo
DATABASE RESOURCES PRICING ABOUT US

up.time 7.5.0 Upload And Execute File Exploit

Description

Title: up.time 7.5.0 Upload And Execute File Exploit Advisory ID: [ZSL-2015-5254](<ZSL-2015-5254.php>) Type: Local/Remote Impact: System Access Risk: (4/5) Release Date: 19.08.2015 ##### Summary The next-generation of IT monitoring software. ##### Description up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, Privilege Escalation, Arbitrary text file creation and renaming that file to php for example in arbitrary location and executing system commands with SYSTEM privileges. ##### Vendor Idera Inc. - <http://www.uptimesoftware.com> ##### Affected Version 7.5.0 (build 16) and 7.4.0 (build 13) ##### Tested On Jetty, PHP/5.4.34, MySQL Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34 ##### Vendor Status [29.07.2015] Vulnerability discovered. [06.08.2015] Vendor contacted. [18.08.2015] No response from the vendor. [19.08.2015] Public security advisory released. ##### PoC [uptime_cmd.txt](<../../codes/uptime_cmd.txt>) ##### Credits Vulnerability discovered by Ewerson Guimaraes - <[crash@dclabs.com.br](<mailto:crash@dclabs.com.br>)> ##### References [1] <http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5253.php> [2] <http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5252.php> [3] <http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5251.php> [4] <http://cxsecurity.com/issue/WLB-2015080117> [5] <https://www.exploit-db.com/exploits/37888/> [6] <https://packetstormsecurity.com/files/133255> [7] <https://exchange.xforce.ibmcloud.com/vulnerabilities/105873> [8] <https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/uptime_file_upload_2.rb> [9] <https://cxsecurity.com/issue/WLB-2015110103> [10] <https://cxsecurity.com/issue/WLB-2015110102> [11] <https://packetstormsecurity.com/files/134333> [12] <https://community.rapid7.com/community/metasploit/blog/2015/11/20/weekly-metasploit-wrapup> [13] <http://www.rapid7.com/db/modules/exploit/multi/http/uptime_file_upload_2> ##### Changelog [19.08.2015] - Initial release [13.09.2015] - Added reference [4], [5], [6] and [7] [14.11.2015] - Added reference [8], [9] and [10] [15.11.2015] - Added reference [11] [23.11.2015] - Added reference [12] and [13] ##### Contact Zero Science Lab Web: <http://www.zeroscience.mk> e-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)