Title: up.time 7.5.0 Superadmin Privilege Escalation Exploit
Advisory ID: ZSL-2015-5251
Type: Local/Remote
Impact: Privilege Escalation
Risk: (4/5)
Release Date: 19.08.2015

Summary

The next-generation of IT monitoring software.

Description

up.time suffers from a privilege escalation issue. Normal user can elevate his/her privileges by sending a POST request seting the parameter 'userroleid' to 1. Attacker can exploit this issue using also cross-site request forgery attacks.

Vendor

Idera Inc. - http://www.uptimesoftware.com

Affected Version

7.5.0 (build 16) and 7.4.0 (build 13)

Tested On

Jetty, PHP/5.4.34, MySQL
Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34

Vendor Status

[29.07.2015] Vulnerability discovered.
[06.08.2015] Vendor contacted.
[18.08.2015] No response from the vendor.
[19.08.2015] Public security advisory released.

PoC

uptime_pe.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5254.php
[2] http://cxsecurity.com/issue/WLB-2015080120
[3] https://www.exploit-db.com/exploits/37885/
[4] https://packetstormsecurity.com/files/133252
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/105836

Changelog

[19.08.2015] - Initial release
[13.09.2015] - Added reference [2], [3], [4] and [5]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk