EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code
Execution
tested against: Microsoft Windows Server 2008 r2 sp1
EMC Data Protection Advisor 5.8 sp5
vulnerability:
the "DPA Illuminator" service (DPA_Illuminator.exe) listening
on public port 8090 (tcp/http) and 8453 (tcp/https) is vulnerable.
It exposes the following servlet:
http://[host]:8090/invoker/EJBInvokerServlet
https://[host]:8453//invoker/EJBInvokerServlet
due to a bundled invoker.war
The result is remote code execution with NT AUTHORITY\SYSTEM
privileges.
proof of concept url:
http://retrogod.altervista.org/9sg_ejb.html
~rgod~
