.. / CVE-2016-7552

Exploit for Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass (CVE-2016-7552)

Description:

Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.

Nuclei Template

View the template here CVE-2016-7552.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-7552.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6
https://nvd.nist.gov/vuln/detail/CVE-2016-7552
https://github.com/ARPSyndicate/kenzer-templates

.. / CVE-2016-7552 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass (CVE-2016-7552)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-7552