Interscan Web Security Virtual Appliance 5.0 – Arbitrary File Download

  • Author: Ivan Huertas
    Date: 2010-06-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14001/
  • # Exploit Title: Arbitrary File Download in InterScan Web Security
    Virtual Appliance 5.0
    # Date: 22-06-2010
    # Author: Ivan Huertas
    # Software Link:
    http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=249&regs=NABU&lang_loc=1
    # Version: 5.0
    # Tested on: Red Hat Nash 5.1
    
    Vulnerability Description:
    The vulnerability is caused by an improper check in the “com.trend.iwss.gui.servlet.exportreport”
    servlet, which allows arbitrary files to be downloaded. By placing path traversal sequences in the
    “exportname” parameter, an attacker can change the path of the file that is returned.
    The “com.trend.iwss.gui.servlet.ConfigBackup” servlet is affected by the same vulnerability through
    its “pkg_name” parameter.
    
    
    Download:
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14001.pdf (cybsec_advisory_2010_0606_InterScan_Web_Security_5_0_Arbitrary_File_Download.pdf)
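
The missing check described above amounts to confirming that a client-supplied file name such as “exportname” or “pkg_name” still resolves inside the directory the servlet is meant to serve from. The following is an added example, not code from the advisory or from the product; the class name, the `EXPORT_DIR` path and the sample values are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ExportNameCheck {
    // Assumed export directory (constructed; the advisory does not name the real one).
    static final Path EXPORT_DIR =
            Paths.get("/var/example/reports").toAbsolutePath().normalize();

    // Resolve a client-supplied file name and refuse anything outside EXPORT_DIR.
    static Path resolveExport(String exportname) throws IOException {
        if (exportname == null || exportname.isEmpty() || exportname.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file name");
        }
        // resolve() returns its argument unchanged when that argument is absolute,
        // so "/etc/passwd" fails the containment test below just as "../" does.
        Path candidate = EXPORT_DIR.resolve(exportname).normalize();
        // Path.startsWith compares whole name elements, so a sibling directory
        // such as "/var/example/reports2" does not count as contained.
        if (!candidate.startsWith(EXPORT_DIR) || candidate.equals(EXPORT_DIR)) {
            throw new SecurityException("path escapes export directory");
        }
        // If the file exists, compare real paths so that a symlink inside the
        // directory cannot redirect the download elsewhere.
        if (Files.exists(candidate)
                && !candidate.toRealPath().startsWith(EXPORT_DIR.toRealPath())) {
            throw new SecurityException("symlink escapes export directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values for the parameter.
        String[] samples = {"report_2010-06.csv", "../../etc/passwd",
                            "/etc/passwd", "sub/../report.csv", "sub/../../x"};
        for (String s : samples) {
            try {
                System.out.println("allow  " + s + " -> " + resolveExport(s));
            } catch (SecurityException e) {
                System.out.println("reject " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs on the value as the servlet container hands it over, that is, after URL decoding, and the file is opened using the returned `Path` rather than the original string.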