• Persits XUpload ActiveX MakeHttpRequest Directory Traversal
    Disclosure Date: 2009-09-29
    First seen: 2020-04-26
    exploit/windows/browser/persits_xupload_traversal
    This module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing "..\" sequences to the MakeHttpRequest method, an attacker is able to write arbitrary files to arbitrary locations on disk. Code execution occurs by writing to the All Users Startup Programs directory. You may want to combine this module with the use of exploit/multi/handler since a user would have to log for the payload to execute. Authors: - jduck <jduck@metasploit.com>
  • Persits XUpload ActiveX AddFile Buffer Overflow
    Disclosure Date: 2008-01-25
    First seen: 2020-04-26
    exploit/windows/browser/hp_loadrunner_addfile
    This module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) thats included in HP LoadRunner 9.5. By passing an overly long string to the AddFile method, an attacker may be able to execute arbitrary code. Authors: - jduck <jduck@metasploit.com>
  • HP LoadRunner 9.0 ActiveX AddFolder Buffer Overflow
    Disclosure Date: 2007-12-25
    First seen: 2020-04-26
    exploit/windows/browser/hp_loadrunner_addfolder
    This module exploits a stack buffer overflow in Persits Software Inc's XUpload ActiveX control(version 2.1.0.1) thats included in HP LoadRunner 9.0. By passing an overly long string to the AddFolder method, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!