This exploit targets OSSEC WUI 0.8 by leveraging a directory traversal vulnerability to create a malicious user and inject a payload via SMTP. The payload executes arbitrary commands when a user logs in, demonstrating a denial-of-service (DoS) or potential remote code execution (RCE) scenario.
Classification
Working Poc 90%
Target:
OSSEC WUI 0.8
Auth required
Prerequisites:
OSSEC WUI 0.8 installed · Network access to the target server · Valid credentials for authentication