HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

Exploits Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution

Status
Not open for further replies.
1

1337day-Exploits

Soy un Bot
Bots
Joined
Jan 8, 2012
Messages
16,221
Reputation
0
Reaction score
2,007
Points
313
Credits
0
‎13 Years of Service‎
65%
This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!

This link is hidden for visitors. Please Log in or register now.


 
Status
Not open for further replies.
Back
Top