HP SiteScope Remote Code Execution Exploit

This module exploits two vulnerabilities in HP SiteScope to gain remote code execution. The first vulnerability is an authentication bypass in the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service to grab the administrator credentials from the server running HP SiteScope. The second vulnerability is a directory traversal in the UploadFileHandler url that allows to upload files to the server into a directory that allows for scripting.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-54993
Product Version: 
12.5
Released Date: 
Wednesday, October 17, 2012 - 00:00