CVE-2017-7283: Unitrends Enterprise Backup Solution RCE via Restore File

Information

Description: Authenticated command execution via command injection.
Versions Affected: 9.0
Researcher: Dwight Hohnstein (https://twitter.com/djhohnstein)
Disclosure Link: https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7283

Proof-of-Concept Exploit

Description

Once logged into the web application, an attacker can execute arbitrary commands on the underlying machine by supplying a malicious command as one of the entries in the submitted list of filenames.

Parameters:

filenames - The command to execute, embedded as a filename entry, e.g. {"filenames": ["'\nsleep 10\n"]}

Headers required:

AuthToken - The value of the "token" cookie issued at login
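The weakness above is a filename list reaching a shell unfiltered. The following is an added example (not Unitrends code and not part of the original PoC) of how a restore handler can reject such input and invoke its helper in argument-vector form so no shell ever parses the names; the restore binary path and the allowlist are assumptions.

```python
import re
import subprocess
from typing import List

# Hypothetical validator for a restore request's "filenames" list.
# The reported payload, "'\nsleep 10\n", relies on a quote and newlines
# being passed through to a shell; both are rejected here.
SHELL_META = set("'\"`$;&|<>()\\\n\r\t ")
# Conservative allowlist (assumed policy): relative paths made of
# letters, digits, dot, underscore, hyphen and slash.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9._/-]*$")


def is_safe_filename(name: object) -> bool:
    """True only for non-empty relative paths with no shell syntax or traversal."""
    if not isinstance(name, str) or not name:
        return False
    if any(ch in SHELL_META for ch in name):
        return False
    if name.startswith("/") or ".." in name.split("/"):
        return False
    return SAFE_NAME.match(name) is not None


def validate_filenames(filenames: object) -> List[str]:
    """Return the list unchanged if every entry is safe, else raise ValueError.

    Rejecting the whole request (rather than silently dropping entries) keeps
    a tampered request visible in application logs."""
    if not isinstance(filenames, list):
        raise ValueError("filenames must be a JSON list")
    for name in filenames:
        if not is_safe_filename(name):
            raise ValueError(f"rejected filename entry: {name!r}")
    return list(filenames)


def build_restore_argv(restore_bin: str, filenames: object) -> List[str]:
    """Argument vector for the restore helper; '--' ends option parsing so a
    name beginning with '-' cannot be read as a flag."""
    return [restore_bin, "--"] + validate_filenames(filenames)


def run_restore(restore_bin: str, filenames: object) -> int:
    # shell=False (the default): argv is passed to execve, never to /bin/sh.
    proc = subprocess.run(build_restore_argv(restore_bin, filenames), check=False)
    return proc.returncode
```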

Usage/Exploitation

python CVE-2017-7283.py -u TARGET -U USER -P PASSWORD
