Add exploit for CVE-2014-5445, NetFlow Analyzer arbitrary download #4282
|
Thanks @pedrib!! See pedrib#11. It's doing minor cleanup for #4282. Feel free to review and land once ready. I'll wait for you to add the OSVDB and FULLDISC URLs and it will be ready to go! Thanks! Test after cleanup: |
|
Thanks, merged! I'll add the links as soon as they show up. |
|
OSVDB and full disclosure links added, it's good to go! |
|
Thanks @pedrib, landing! |
|
@jvazquez-r7 @pedrib In your example here, you have: Though I can't help but notice that you're not escaping the slashes here. What should the user really be typing? |
|
And I only just noticed this now, but |
|
I'd be happy to have the default be system.ini and have the correct number of slashes. I just want to shorten that option description -- right now it's really long and already taken care of in the main description. thx @jhart-r7 |
|
@todb-r7 in a Linux prompt you have to type 4 backslashes |
|
Right, but now I'm confused about what the user should be typing in the datastore option. The screenshot has no double slashes. |
|
I think - but correct me if I'm wrong - that two slashes are to escape in
|
|
Okay. So if I'm in msfconsole, or an rc script, I need two slashes, and that's just for Ruby. I was confused about the directive for two slashes because I read it as you'd need something like: I assume this is not what you intended. |
This PR adds an exploit for CVE-2014-5445, a 0-day vulnerability in ManageEngine NetFlow Analyzer that allows an unauthenticated user to download any file in the system. This works on both Linux and Windows, and has been tested extensively with all vulnerable versions (8.6 to 10.2).
All that is left is to add the OSVDB ID and the full disclosure URL, and as usual those come up in 2 or 3 days max. I will push those when they come up. Please have a look and let me know what you think.