CVE-2013-0136
Mutiny < 5.0-1.11 - Authenticated Path Traversal and Arbitrary File Write via EditDocument Servlet
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2013-0136.
PoCs published by Metasploit, juan vazquez, including Metasploit module auxiliary/admin/http/mutiny_frontend_read_delete.
AI-analyzed exploit summary: This Metasploit module exploits a directory traversal vulnerability in Mutiny 5's EditDocument servlet to upload arbitrary files, leading to remote code execution with root privileges. It authenticates as a valid user, uploads an ELF payload and a JSP file to execute it, and triggers the payload via HTTP request.
Description
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
Exploits (3)
This Metasploit module exploits a directory traversal vulnerability in Mutiny 5's EditDocument servlet to upload arbitrary files, leading to remote code execution with root privileges. It authenticates as a valid user, uploads an ELF payload and a JSP file to execute it, and triggers the payload via HTTP request.
This Metasploit module exploits a directory traversal vulnerability in the Mutiny 5 appliance's EditDocument servlet, allowing authenticated users to read or delete arbitrary files with root privileges. It includes authentication handling and file operations via crafted POST requests.
This Metasploit module exploits a directory traversal vulnerability in Mutiny 5's EditDocument servlet to upload arbitrary files, leading to remote code execution with root privileges. It authenticates as a valid user, uploads an ELF payload and a JSP file to execute it.