CVE-2017-12542

This exploit triggers a stack-based buffer overflow in HP iLO by sending a crafted 'Connection' header with an oversized value (29 'A' characters). It can test for vulnerability by listing users or exploit it by creating a new admin account via the REST API.

This PoC exploits CVE-2017-12542, a buffer overflow vulnerability in HP iLO4, to create a new admin user. It includes both a test function to check for vulnerability and an exploit function to add a privileged user.

This repository contains a Python script that scans for HP iLO 4 devices vulnerable to CVE-2017-12542 by checking version information via an unauthenticated API endpoint. It does not exploit the vulnerability but identifies potentially vulnerable targets.

This repository contains a functional Python exploit for CVE-2017-12542, an authentication bypass vulnerability in HP iLO firmware. The exploit demonstrates unauthenticated access to the iLO REST API, allowing account enumeration and administrative user creation via malformed HTTP headers.

This PoC exploits CVE-2017-12542, a vulnerability in HP iLO servers, by sending a malformed 'Connection' header to bypass authentication and create an admin user. It includes both vulnerability checking and exploitation capabilities.

This Metasploit module exploits an authentication bypass vulnerability in HP iLO 4 (CVE-2017-12542) by triggering a buffer overflow in the Connection HTTP header handling. It allows the creation of an arbitrary administrator account via the REST API.