This Metasploit module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet, which accepts unauthenticated file uploads and does not check the "uid" parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This Metasploit module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this vulnerability is similar to ZDI-10-078 / OSVDB-63412, which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.
15f84d28ce1e05b5772eda5c8a707f10298f591215c96328ff2bf9f777e5ccf4
Novell ZENworks Configuration Management version 11.3.1 suffers from an unrestricted file upload vulnerability that can be abused for remote code execution, and from a directory traversal vulnerability.
2e1385af22ffe68f64c61147063cf39a03915826ed8417041c6bae636ef665e5