fix version numbers

h00die
2020-11-08 22:38:53 -05:00
parent 3c4962e9b0
commit da70b74954
2 changed files with 3 additions and 3 deletions
@@ -1,11 +1,11 @@
## Vulnerable Application
The Pulse Connect Secure appliance before 9.1R8 suffers from an uncontrolled gzip extraction vulnerability which allows an authenticated attacker
The Pulse Connect Secure appliance before 9.1R9 suffers from an uncontrolled gzip extraction vulnerability which allows an authenticated attacker
to overwrite arbitrary files, resulting in Remote Code Execution as root. Admin credentials are required for successful exploitation.
NCC Group [wrote](https://research.nccgroup.com/2020/10/26/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-gzip-extraction-cve-2020-8260/)
in their findings a few different ways to achieve RCE through the gzip vulnerability. This exploit utilizes the Template Toolkit method
which works up to 9.1R8, whereas the other methods were patched earlier. With this method, since the payload is sent in the perl
which works up to 9.1R8 (possibly more), whereas the other methods were patched earlier. With this method, since the payload is sent in the perl
template, there are also no bad characters.
Of note, MANY binaries are not in `$PATH`, but are located in `/home/bin/`. Thanks to @wvu for pointing that out.
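Review bot: The "(possibly more)" added to the Template Toolkit sentence conflicts with the corrected opening sentence, which now says the appliance is vulnerable before 9.1R9. If 9.1R9 is the fixed release, then 9.1R8 is the last affected version and there is no later one for the method to work on. Suggest dropping the hedge, or wording it as "which works up to and including 9.1R8" and listing the versions that were actually tested. The commit header also reports 2 changed files with 3 additions and 3 deletions, and this hunk accounts for only two of each, so please confirm that the version boundary in the other file matches the 9.1R9 stated here.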