CVE-2014-8516
published 2020-01-03CVE-2014-8516: Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an…
PriorityP183critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
81.68%
99.6th percentile
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect multipart POST/GET to /Admin/archive/upload.jsp with mode=getZip and a filename containing a null byte followed by 'Archive0101140101.zip' — this is the upload bypass technique used to smuggle a .jsp payload. ↗
- →Monitor HTTP GET requests to /Admin/archive/ArchiveCache/*.jsp — this path is where uploaded JSP payloads are executed after upload. ↗
- →Alert on authentication attempts using the default hidden username 'Scheduler' or default admin credentials (Admin/Admin) against the NetCharts admin console on port 8001. ↗
- →Flag any file upload to the NetCharts server where the submitted filename contains a null byte (\x00), used to bypass extension filtering. ↗
- ·The 'Scheduler' hidden user is only usable after any modification to the user database (user added or admin password changed); without that precondition, valid credentials must be supplied for exploitation. ↗
- ·The default Admin password for NetCharts Server is 'Admin' — installations with unchanged defaults are immediately exploitable without needing the Scheduler account. ↗
- ·The Metasploit module targets Visual Mining NetCharts Server 7.0 specifically; applicability to other versions is unconfirmed. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Visual Mining NetCharts Server - Remote Code Execution (Metasploit)
exploitdb·2014-11-10
CVE-2014-8516 Visual Mining NetCharts Server - Remote Code Execution (Metasploit)
Visual Mining NetCharts Server - Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Visual Mining NetCharts Server Remote Code Execution',
'Description' => %q{
This module exploits multiple vulnerabilities in Visual Mining NetCharts.
First, a lack of input validation in the administration console permits
arbitrary jsp code upload to locations accessible later through the web
service. Authentication is typically required, however a 'hidden' user is
available by default (and non editable). This user, named 'Scheduler',
can only login to the console after any modification in the user
database (a user is added, admin password is
Metasploit
Visual Mining NetCharts Server Remote Code Execution
metasploit
Visual Mining NetCharts Server Remote Code Execution
Visual Mining NetCharts Server Remote Code Execution
This module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' user is available by default (and non-editable). This user, named 'Scheduler', can only login to the console after any modification in the user database (a user is added, admin password is changed etc). If the 'Scheduler' user isn't available valid credentials must be supplied. The default Admin password is Admin.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/70895http://www.zerodayinitiative.com/advisories/ZDI-14-372/https://exchange.xforce.ibmcloud.com/vulnerabilities/98475https://packetstormsecurity.com/files/129023http://www.securityfocus.com/bid/70895http://www.zerodayinitiative.com/advisories/ZDI-14-372/https://exchange.xforce.ibmcloud.com/vulnerabilities/98475https://packetstormsecurity.com/files/129023
2020-01-03
Published