METASPLOIT-modules/exploits/windows/http/cyclope_ess_sqli.rb

METASPLOIT ruby WORKING POC

Exploit for CVE-2012-10047 - Cyclope Employee Surveillance Solution 6.x - SQL Injection

AI Analysis

This Metasploit module exploits a SQL injection vulnerability in Cyclope Employee Surveillance Solution v6.2 or older, allowing arbitrary code execution under the context of 'SYSTEM' by injecting a PHP payload that writes and executes a malicious executable.

Attack Type

SQLi

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

Loading exploit code...

Download ZIP Password: eip

Source

Platform Metasploit

Type poc

Platform win

Language ruby

Rank excellent

Files 1

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/cyclope_ess_sqli.rb

Authors

loneferret sinn3r

Vulnerability

CVE-2012-10047

Cyclope Employee Surveillance Solution 6.x - SQL Injection