Lucene search
Ahmed Sherif1337DAY-ID-34281HistoryApr 21, 2020 - 12:00 a.m.
Sysaid 20.1.11 b26 Remote Command Execution Vulneravility
2020-04-2100:00:00
Ahmed Sherif
0day.today
31
0.007 Low
EPSS
Percentile
81.0%
Sysaid version 20.1.11 b26 suffers from an AJP13 remote command execution vulnerability.
# Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution
# Google Dork: intext:"Help Desk Software by SysAid <http://www.sysaid.com/>"
# Exploit Author: Ahmed Sherif
# Vendor Homepage: https://www.sysaid.com/free-help-desk-software
# Software Link: [https://www.sysaid.com/free-help-desk-software
# Version: Sysaid v20.1.11 b26
# Tested on: Windows Server 2016
# CVE : CVE-2020-10569
GhostCat Attack
The default
installation of Sysaid is enabling the exposure of AJP13 protocol which is used
by tomcat instance, this vulnerability has been released recently on
different blogposts
<https://www.zdnet.com/article/ghostcat-bug-impacts-all-apache-tomcat-versions-released-in-the-last-13-years/>.
*Proof-of-Concept*
[image: image.png]
*Unauthenticated File Upload
*
It was found on the Sysaid application that an attacker would be able
to upload files without authenticated by directly access the below
link:
http://REDACTED:8080/UploadIcon.jsp?uploadChatFile=true&parent=
In the above screenshot, it shows that an attacker can execute commands
in the system without any prior authentication to the system.
# 0day.today [2020-07-20] #Related
packetstorm
packetstorm
Sysaid 20.1.11 b26 Remote Command Execution
2020-04-21 00:00:00
cvelist
cvelist
CVE-2020-10569
2020-04-21 19:01:37
prion
prion
Design/Logic Flaw
2020-04-21 19:15:00
attackerkb
attackerkb
CVE-2020-10569
2020-04-21 00:00:00
nvd
nvd
CVE-2020-10569
2020-04-21 19:15:12
cve
cve
CVE-2020-10569
2020-04-21 19:15:12