CVE-2017-5228

CVE-2017-5228

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.

Source: CVE-2017-5228

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다