CVE-2006-6597

HyperAccess 8.4 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6597. PoCs published by Brett Moore.

AI-analyzed exploit summary The provided text describes a vulnerability in Hilgraeve HyperACCESS (version 8.4 and prior) that allows remote command execution via a crafted telnet URI. The example URI demonstrates how an attacker could execute arbitrary commands by referencing a script file on a remote share.

Description

Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Brett Moore · textremotewindows

https://www.exploit-db.com/exploits/29281

View Code ZIP pw:eip

The provided text describes a vulnerability in Hilgraeve HyperACCESS (version 8.4 and prior) that allows remote command execution via a crafted telnet URI. The example URI demonstrates how an attacker could execute arbitrary commands by referencing a script file on a remote share.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Hilgraeve HyperACCESS 8.4 (and prior versions)

No auth needed

Prerequisites: Network access to the target system · Telnet service enabled on the target

MITRE ATT&CK