File tree Expand file tree Collapse file tree 1 file changed +5
-5
lines changed
modules/auxiliary/admin/http Expand file tree Collapse file tree 1 file changed +5
-5
lines changed Original file line number Diff line number Diff line change @@ -14,10 +14,10 @@ def initialize(info = {})
1414 super ( update_info ( info ,
1515 'Name' => 'SysAid Help Desk Administrator Account Creation' ,
1616 'Description' => %q{
17- This module exploits a vulnerability in SysAid Help Desk that allows an
18- unauthenticated user to create an administrator account. Note that this
19- exploit will only work once! Any subsequent attempts will fail.
20- This module has been tested on SysAid 14.4 in Windows and Linux.
17+ This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated
18+ user to create an administrator account. Note that this exploit will only work once. Any
19+ subsequent attempts will fail. On the other hand, the credentials must be verified
20+ manually. This module has been tested on SysAid 14.4 in Windows and Linux.
2121 } ,
2222 'Author' =>
2323 [
@@ -56,7 +56,7 @@ def run
5656 } )
5757 if res && res . code == 200 && res . body . to_s =~ /Error while creating account/
5858 # No way to know whether this worked or not, it always says error
59- print_good ( "#{ peer } Created administrator account with credentials #{ datastore [ 'USERNAME' ] } #{ datastore [ 'PASSWORD' ] } )
59+ print_status ( "#{ peer } The new administrator #{ datastore [ 'USERNAME' ] } #{ datastore [ 'PASSWORD' ] } should be checked manually " )
6060 service_data = {
6161 address : rhost ,
6262 port : rport ,
You can’t perform that action at this time.
0 commit comments