EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution
tested against: Microsoft Windows Server 2008 r2 sp1 EMC Data Protection Advisor 5.8 sp5 vulnerability: the "DPA Illuminator" service (DPA_Illuminator.exe) listening on public port 8090 (tcp/http) and 8453 (tcp/https) is vulnerable. It exposes the following servlet: http://[host]:8090/invoker/EJBInvokerServlet https://[host]:8453//invoker/EJBInvokerServlet due to a bundled invoker.war The result is remote code execution with NT AUTHORITY\SYSTEM privileges. proof of concept url: http://retrogod.altervista.org/9sg_ejb.html ~rgod~