This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.
CVE Link
Exploit Type
Product Name