This module uses a reverse proxy bypass vulnerability to access restricted endpoints as declared in the analytics-proxy.conf file. Also, it uses an unauthenticated file upload vulnerability present in the DataAppAgentController class, when using the action=collect parameter. The deployed agent will run with root privileges.
CVE Link
Exploit Platform
Product Name