CVE-2017-6564 and CVE-2017-6565
U235.io
>> [Suggested description]
>> On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices,
>> the Guest user, which contains the lowest privileges, can post to the
>> idSourceFileName parameter found within the /download directory. This
>> ability allows for an attacker to download sensitive system files from
>> the host machine such as databases which contain information that can
>> aid in further attacks.
>
> Use CVE-2017-6564.

>> [Suggested description]
>> On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices,
>> the roleDiag user, which can be obtained by exploiting CVE-2013-7247,
>> has the ability to upload files to the server hosting the web service.
>> As no sanitization checks are in place, an attacker can upload a
>> malicious payload.
>
> Use CVE-2017-6565.
John Stickle