HP Managed Printing Administration jobAcct Remote Command Execution
https://packetstormsecurity.com/files/122471/hp_mpa_job_acct.rb.txt
https://packetstormsecurity.com/files/122471/hp_mpa_job_acct.rb.txthttps://packetstormsecurity.com/files/122471/HP-Managed-Printing-Administration-jobAcct-Remote-Command-Execution.htmlThu, 18 Jul 2013 19:02:07 GMTThis Metasploit module exploits an arbitrary file upload vulnerability on HP Managed Printing Administration 2.6.3 (and before). The vulnerability exists in the UploadFiles() function from the MPAUploader.Uploader.1 control, loaded and used by the server. The function can be abused via directory traversal and null byte injection in order to achieve arbitrary file upload.