Syncovery allows an authenticated user to create jobs, which are executed before/after a profile is run. Successful exploitation results in remote code execution under the context of the root user. This module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync & Backup Software for Linux. tags | exploit, remote, web, arbitrary, root, code execution systems | linux advisories | CVE-2022-36534 SHA-256 | b41779b455720b7b8cb72926f609166a1f6c239f4d750374145be32ae680ed11 Download | Favorite | ViewĬlass MetasploitModule 'Syncovery For Linux Web-GUI Authenticated Remote Command Execution', All Syncovery versions prior to v9.48j are vulnerable including all versions of branch 8. The vulnerability is known to work on Linux platforms. The profile and its log file will be deleted afterwards to disguise the attack. A valid username and password or a session token is needed to exploit the vulnerability. Jobs can contain arbitrary system commands and will be executed as root. This Metasploit module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync and Backup Software for Linux. This is a service we are more than happy to recommend.Syncovery For Linux Web-GUI Authenticated Remote Command Execution Syncovery For Linux Web-GUI Authenticated Remote Command Execution Posted Authored by Jan Rude | Site You have the option of a 30 day trial period and it takes much less than this to be convinced of its value. They put you in the driver’s seat with their unbeatable array of features, and their security is essential to all those with lingering concerns about the safety of using cloud storage. Syncovery is the ideal choice to all home and small business users for cloud storage support. They also have a FAQs page that includes versions for advanced and basic users. Syncovery offer basic email support that is extremely responsive. This is a crucial security element as many cloud storage providers don’t offer this. You can easily compress your files and encrypt them with military grade 256-bit AES encryption before transfer. Syncovery have unbeatable security compression and encryption measures. This includes various Internet protocols, including FTP, FTPS, SFTP/SSH, WebDAV, SSL, and HTTP. Moreover, they offer comprehensive internet support. Additionally, there are numerous ways to select files and folders, and you can create file masks and filters in order to navigate your file bank with ease. Here, all relevant synchronization choices can be made in advance in the profile settings. Additionally, you can choose if you want them to occur during computer downtime or just before shutdown so as to minimize inconvenience to you. It includes a scheduler so you can decide if you want synchronizations to occur on a fixed schedule either daily, weekly or monthly. Sycovery’s synchronizer allows you to change the settings to ignore time zone changes. If you are travelling and making changes to files, it can appear like the changes made would be at a different time to when you are actually working due to conflicts with time zones to the files you have back home.
0 Comments
Leave a Reply. |