完整标题: Supermicro Onboard IPMI close_window.cgi Buffer Overflow Vulnerability 
类别: remote exploits
平台: windows
This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the close_window.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent on the User-Agent header. This Metasploit module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214.

# 0day.today @ http://0day.today/