← Advisories

up.time 7.5.0 Upload And Execute File Exploit

High

Advisory ID

ZSL-2015-5254

Release Date

19 August 2015

Vendor

Idera Inc. - http://www.uptimesoftware.com

Affected Version

7.5.0 (build 16) and 7.4.0 (build 13)

CVE

N/A

Tested On

Jetty, PHP/5.4.34, MySQL, Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34

Summary

The next-generation of IT monitoring software.

Description

up.time suffers from arbitrary command execution. Attackers can exploit this issue using the monitor service feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF, Privilege Escalation, Arbitrary text file creation and renaming that file to php for example in arbitrary location and executing system commands with SYSTEM privileges.

Proof of Concept

uptime_cmd.txtTXT

Disclosure Timeline

29.07.2015Vulnerability discovered.

06.08.2015Vendor contacted.

18.08.2015No response from the vendor.

19.08.2015Public security advisory released.

Credits

Vulnerability discovered by Ewerson Guimaraes

References

[1]https://www.zeroscience.mk/#/advisories/ZSL-2015-5253

[2]https://www.zeroscience.mk/#/advisories/ZSL-2015-5252