Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-5752 PoC — Druva inSync Windows Client 路径遍历漏洞

Source
https://github.com/yevh/CVE-2020-5752-Druva-inSync-Windows-Client-6.6.3---Local-Privilege-Escalation-PowerShell-
Associated Vulnerability
Title:Druva inSync Windows Client 路径遍历漏洞 (CVE-2020-5752)
Description:Druva inSync Windows Client是美国Druva公司的一款Druva inSync端点数据保护解决方案的Windows客户端应用程序。 Druva inSync Windows Client 6.6.3版本中存在路径遍历漏洞。本地攻击者可利用该漏洞获取SYSTEM权限,执行任意操作系统命令。
Description
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) RCE
Readme
# CVE-2020-5752: Druva-inSync-Windows-Client-6.6.3---Local-Privilege-Escalation-PowerShell-
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell)

Modified to get Reverse Shell with system privileges.
File Snapshot

 [4.0K]  /data/pocs/967468de82cd635759f947810d410a631517132a
├── [1.5K]  DruvaPE.ps1
└── [ 226]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.