Exploitation Summary
EIP tracks 3 public exploits for CVE-2015-2996.
Includes Metasploit module auxiliary/admin/http/sysaid_file_download.
A Nuclei detection template is also available.
AI-analyzed exploit summary This document provides a detailed technical analysis of multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. It includes proof-of-concept requests and Metasploit module references.
Description
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.
Exploits (3)
This document provides a detailed technical analysis of multiple vulnerabilities in SysAid Help Desk 14.4, including administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. It includes proof-of-concept requests and Metasploit module references.
This Metasploit module exploits CVE-2015-2996 (directory traversal) and CVE-2015-2997 (info disclosure) in SysAid Help Desk to download arbitrary files. It first determines the traversal path via an error message, then uses it to fetch the target file.
This Metasploit module exploits an arbitrary file download vulnerability in SysAid Help Desk to retrieve the server configuration file containing encrypted database credentials. It then decrypts the credentials using a known fixed key and reports them.
Nuclei Templates (1)
http.favicon.hash:1540720428
icon_hash=1540720428