SysAid Zero-Day RCE CVE-2023-47246 Exploit

SysAid Zero-Day RCE CVE-2023-47246 Exploit

vPython by Prapattimynk

SysAid Zero-Day RCE ExploitThe threat actors successfully uploaded a WAR archive that housed a WebShell and various payloads into the webroot of the SysAid Tomcat web service by exploiting the SysAid

Android Android 5.0Exploits And POCs
( 845 ratings )
Price: $0
File SysAid Zero-Day RCE Exploit
Publisher Prapattimynk
Genre Exploits And POCs
File Type Python
Os All
Mod Version Python
Report Report
SysAid Zero-Day RCE Exploit is the most famous version in the SysAid Zero-Day RCE Exploit series of publisher
Download

SysAid Zero-Day RCE Exploit

The threat actors successfully uploaded a WAR archive that housed a WebShell and various payloads into the webroot of the SysAid Tomcat web service by exploiting the SysAid CVE-2023-47246 Path Traversal vulnerability. The vulnerability is located in the doPost method of the SysAid com.ilient.server.UserEntry class. Exploiting this vulnerability involves manipulating the accountID parameter to introduce a path traversal, allowing the attacker to determine the location on the vulnerable server where the WebShell is written. The attack is executed by delivering a POST request with a zipped, compressed WAR file containing the WebShell as the request body. Subsequently, the threat actor gains access to the WebShell, enabling them to interact with the compromised system.

SysAid Zero-Day RCE CVE-2023-47246 Exploit


Recommended for You

You may also like

Comments

Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.