Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Add exploit for Cisco Data Center Network Manager file upload #12058
Tested and working on 10.4(2) up to 11.1(1).
I will also have a full disclosure post soon with more details about the vulns, and will add the link here.
Here's the last one I wrote for reference: https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/unix/webapp/webmin_backdoor.md.
Aug 30, 2019
The Cisco Data Center Network Manager File Upload module has been added to the framework. It targets a vulnerability in DCNM that exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root.