Metasploit modules that can be used to exploit Indusoft products
-
InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow
Disclosure Date: 2012-04-28First seen: 2020-04-26exploit/windows/browser/indusoft_issymbol_internationalseparatorThis module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00 SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long string argument for the InternationalSeparator() method of the ISSymbol control. This module uses the msvcr71.dll form the Java JRE6 to bypass ASLR. Authors: - Alexander Gavrun - Dmitriy Pletnev - James Fitts <fitts.james@gmail.com> - juan vazquez <juan.vazquez@metasploit.com> -
InduSoft Web Studio Arbitrary Upload Remote Code Execution
Disclosure Date: 2011-11-04First seen: 2020-04-26exploit/windows/scada/indusoft_webstudio_execThis module exploits a lack of authentication and authorization on the InduSoft Web Studio Remote Agent, that allows a remote attacker to write arbitrary files to the filesystem, by abusing the functions provided by the software. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of InduSoft Web Studio on Windows pre Vista. It has been successfully tested on InduSoft Web Studio 6.1 SP6 over Windows XP SP3 and Windows 2003 SP2. Authors: - Luigi Auriemma - juan vazquez <juan.vazquez@metasploit.com> -
Indusoft WebStudio NTWebServer Remote File Access
First seen: 2020-04-26auxiliary/scanner/scada/indusoft_ntwebserver_fileaccessThis module exploits a directory traversal vulnerability in Indusoft WebStudio. The vulnerability exists in the NTWebServer component and allows to read arbitrary remote files with the privileges of the NTWebServer process. The module has been tested successfully on Indusoft WebStudio 6.1 SP6. Authors: - Unknown - juan vazquez <juan.vazquez@metasploit.com>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details