0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Sysaid 20.1.11 b26 Remote Command Execution Vulneravility
Author
Risk
[
Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution # Google Dork: intext:"Help Desk Software by SysAid <http://www.sysaid.com/>" # Exploit Author: Ahmed Sherif # Vendor Homepage: https://www.sysaid.com/free-help-desk-software # Software Link: [https://www.sysaid.com/free-help-desk-software # Version: Sysaid v20.1.11 b26 # Tested on: Windows Server 2016 # CVE : CVE-2020-10569 GhostCat Attack The default installation of Sysaid is enabling the exposure of AJP13 protocol which is used by tomcat instance, this vulnerability has been released recently on different blogposts <https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/>. *Proof-of-Concept* [image: image.png] *Unauthenticated File Upload * It was found on the Sysaid application that an attacker would be able to upload files without authenticated by directly access the below link: http://REDACTED:8080/UploadIcon.jsp?uploadChatFile=true&parent= In the above screenshot, it shows that an attacker can execute commands in the system without any prior authentication to the system. # 0day.today [2024-09-20] #