This python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.
f3af687e6ae93d7108daba5565a341cceceb6c51dd70cc03120b8c1910bc8e5cThis Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of execute only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.
5f0f9f62015fe421d3fb88ace93c276d32b36986aa82809a47927f87e8803536This exploit abuses a vulnerability in the HP Data Protector service. This flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, this allows arbitrary remote code execution under the context of root.
95add5b2ce4d94dcd719eaead5d7369aff78a1ef7a8325a02fc4a43b2369c0b5HP Data Protector remote shell for HP-UX that leverages improper filtering of arguments to the EXEC_CMD command.
6138083e044eab7159ad69d78d1317b09b2c2cab7f6ff4f168534e4b35537ed8HP Data Protector Client remote code execution proof of concept exploit.
951db48f45c071586a2510454c9514403bde6360de72d224a170ce5b8cc143db
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed