
Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution

August 6, 2016 | Posted in ExploitAlert

This is an exploit against Samsung Security Manager that bypasses the patch for CVE-2015-3435 by exploiting the vulnerability from the client side. The exploit has been tested successfully against IE, Firefox and Chrome; it abuses an XSS in a GET request to bypass CORS and reach the vulnerable PUT method. Finally, a path traversal in the PUT request is used to upload the code just where we want it and gain remote code execution as SYSTEM.


