CVE-2009-3693

Persits XUpload - Path Traversal via MakeHttpRequest Method

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-3693. PoCs published by Metasploit, pyrokinesis, jduck, including Metasploit module exploits/windows/browser/persits_xupload_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in Persits XUpload ActiveX control (version 3.0.0.3) to write arbitrary files to arbitrary locations on disk, achieving remote code execution by placing an executable in the All Users Startup Programs directory.

Description

Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16598

This Metasploit module exploits a directory traversal vulnerability in Persits XUpload ActiveX control (version 3.0.0.3) to write arbitrary files to arbitrary locations on disk, achieving remote code execution by placing an executable in the All Users Startup Programs directory.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Persits XUpload ActiveX control (version 3.0.0.3) included in HP LoadRunner 9.5
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by pyrokinesis · htmldoswindows
https://www.exploit-db.com/exploits/9806

This exploit leverages the Persits.XUpload.2 ActiveX control in HP LoadRunner 9.5 to remotely create a file via the MakeHttpRequest method. It downloads a batch script from a remote server and places it in the Startup folder for execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: HP LoadRunner 9.5
No auth needed
Prerequisites: Victim must use Internet Explorer 8 · ActiveX control must be registered and not kill-bitted
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/persits_xupload_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in Persits XUpload ActiveX control (version 3.0.0.3) by leveraging the MakeHttpRequest method to write arbitrary files to arbitrary locations, achieving remote code execution via the All Users Startup Programs directory.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Persits XUpload ActiveX control (version 3.0.0.3) included in HP LoadRunner 9.5
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36898

Scores

EPSS 0.7089
EPSS Percentile 98.7%

Details

CWE
CWE-22
Status published
Products (2)
hp/loadrunner 9.5
persits/xupload 2.0
Published Oct 13, 2009
Tracked Since Feb 18, 2026