CVE-2015-2997

Related Files

SysAid Help Desk Arbitrary File Download

Posted Aug 31, 2024

Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits two vulnerabilities in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. First, an information disclosure vulnerability (CVE-2015-2997) is used to obtain the file system path, and then we abuse a directory traversal (CVE-2015-2996) to download the file. Note that there are some limitations on Windows, in that the information disclosure vulnerability doesnt work on a Windows platform, and we can only traverse the current drive (if you enter C:\afile.txt and the server is running on D:\ the file will not be downloaded). This Metasploit module has been tested with SysAid 14.4 on Windows and Linux.

tags | exploit, arbitrary, vulnerability, info disclosure

systems | linux, windows

advisories | CVE-2015-2996, CVE-2015-2997

SHA-256 | d2fb2969a8c58608b9b608d975acd9ca05c3df75f68ee7d1fffe92900e654527

Download | Favorite | View

SysAid Help Desk 14.4 Code Execution / Denial Of Service / Traversal / SQL Injection

Posted Jun 3, 2015

Authored by Pedro Ribeiro

SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, code execution, sql injection, file upload

advisories | CVE-2015-2993, CVE-2015-2994, CVE-2015-2995, CVE-2015-2996, CVE-2015-2997, CVE-2015-2998, CVE-2015-2999, CVE-2015-3000, CVE-2015-3001

SHA-256 | 093017574bd7478707d43e7e2b1e19064b8c055c7cf9ea2fe8f3083b6a50e5cb

Download | Favorite | View