CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/windows/nuuo/nuuo_cms_fu.md
Views: 1904
Vulnerable Application
Nuuo CMS Authenticated Arbitrary File Upload
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. An example is below:
The vulnerability is in the "FileName" parameter, which accepts directory traversal (..\..\) characters. Therefore, this function can be abused to overwrite any files in the installation drive of CMS Server.
This vulnerability is exploitable in CMS versions up to and including v2.4.
This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided.
NUUO Central Management Server (CMS): all versions below 2.5
1.5.2 OK
2.1.0 OK
2.3.2 OK
2.4.0 OK
2.6.0 FAIL (vuln fixed?)
2.9.0 FAIL
2.10.0 FAIL