vendor:
LoadRunner
by:
Nine:Situations:Group::pyrokinesis
8.8
CVSS
HIGH
Remote File Creation
264
CWE
Product Name: LoadRunner
Affected Version From: HP LoadRunner 9.5
Affected Version To: HP LoadRunner 9.5
Patch Exists: NO
Related CWE: N/A
CPE: a:hp:loadrunner:9.5
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: IE 8
2009
HP LoadRunner 9.5 Persits.XUpload.2 control (XUpload.ocx) MakeHttpRequest() remote file creation poc (IE 8)
This exploit allows an attacker to create a remote file on the target system using the MakeHttpRequest() method of the Persits.XUpload.2 control (XUpload.ocx). The attacker can specify the server, script, method, parameters, path, user agent, and headers of the request. In this example, the attacker is using the MakeHttpRequest() method to create a batch script that starts calc.exe in the Startup folder of the target system.
Mitigation:
Disable the Persits.XUpload.2 control (XUpload.ocx) if it is not needed. If it is needed, ensure that it is properly configured and that only trusted users have access to it.
