-
Notifications
You must be signed in to change notification settings - Fork 14.3k
Create exploit for CVE-2015-0779 #5096
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
|
Added OSVDB and full disc URL, good to go! |
|
Bump? Do you need anything else, please let me know! |
| end | ||
|
|
||
|
|
||
| def exploit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel like it should be something like:
tomcat_paths = []
if datastore['TOMCAT_PATH']
tomcat_paths << datastore['TOMCAT_PATH']
end
tomcat_paths.concat([ '../../../opt/novell/zenworks/share/tomcat/webapps/', '../webapps/' ])
tomcat_paths.each do |tomcat_path|
upload_war_and_exec(tomcat_path)
break if session_created?
end|
Testing, if works I can make cleanup by myself, looks like minor things :) |
|
Module works: I tested it against a ZCM 10.2 ISO I had in the archives. I'll do some final cleanup by myself and land in a while! Thanks! |
|
Landed finally! Had some problems with my ZCM installation, had to reinstall! Final commit: a531ad9 Final test: Thanks @pedrib ! |
This is an exploit for CVE-2015-0779, a file upload vulnerability in ZenWorks Configuration Management up to and including 11.3.1.
This exploit works in Windows, Linux and the Virtual Appliance which can be downloaded from Novell's website. It has been extensively tested on all platforms.
I'll add the full disclosure and OSVDB links once they become available, but otherwise it is ready to go on my side.