Showing 1 - 3 of 3

Files from Wietse Boonstra

First Active	2019-07-26
Last Active	2019-07-26

Ahsay Backup 7.x / 8.x XML Injection: Posted Jul 26, 2019; Authored by Wietse Boonstra; Ahsay Backup versions 7.x through 8.1.1.50 suffer from an XML external entity injection vulnerability.; tags | exploit; advisories | CVE-2019-10266; SHA-256 | dd8c01c9f85afcf5145302b1adfc9557936417386490d477aa5caa61b6d6728b; Download | Favorite | View

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution: Posted Jul 26, 2019; Authored by Wietse Boonstra | Site metasploit.com; This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!; tags | exploit, remote, shell, code execution, file upload; systems | linux, windows; advisories | CVE-2019-10267; SHA-256 | 83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49; Download | Favorite | View

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution: Posted Jul 26, 2019; Authored by Wietse Boonstra; Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.; tags | exploit, remote, arbitrary, vulnerability, code execution, file upload; advisories | CVE-2019-10267; SHA-256 | 8f297f63226a55c017752fbfc4e3ad2b92918ea609bfd8418e0ea5ca9cf59421; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days