TSplus 16.0.2.14 – Remote Access Insecure Files and Folders Permissions

• Exploit Database
• 35 阅读

• 作者： shinnai
  日期： 2023-08-21
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/51679/

• # Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
  # Date: 2023-08-09
  # Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
  # Vendor Homepage: https://tsplus.net/
  # Version: Up to 16.0.2.14
  # Tested on: Windows
  # CVE : CVE-2023-31067
  
  TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and 
  Microsoft RDS for remote desktop access and Windows application 
  delivery. Web-enable your legacy apps, create SaaS solutions or remotely 
  access your centralized corporate tools and files.
  The TSplus Remote Access solution comes with an embedded web server to 
  allow remote users to easely connect remotely.
  However, insecure file and folder permissions are set and this could 
  allow a malicious user to manipulate file content (e.g.: changing the 
  code of html pages or js scripts) or change legitimate files (e.g. 
  Setup-VirtualPrinter-Client.exe) in order to compromise a system or to 
  gain elevated privileges.
  
  This is the list of insecure files and folders with their respective 
  permissions:
  Everyone:(OI)(CF)(F) and Everyone(F)
  Permission: Everyone:(OI)(CI)(F)
  
  C:\Program Files (x86)\TSplus\Clients\www
  C:\Program Files (x86)\TSplus\Clients\www\addons
  C:\Program Files (x86)\TSplus\Clients\www\ConnectionClient
  C:\Program Files (x86)\TSplus\Clients\www\downloads
  C:\Program Files (x86)\TSplus\Clients\www\prints
  C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient
  C:\Program Files (x86)\TSplus\Clients\www\software
  C:\Program Files (x86)\TSplus\Clients\www\var
  C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp
  C:\Program Files (x86)\TSplus\Clients\www\downloads\shared
  C:\Program Files (x86)\TSplus\Clients\www\software\java
  C:\Program Files (x86)\TSplus\Clients\www\software\js
  C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres
  C:\Program Files (x86)\TSplus\Clients\www\software\html5\locales
  C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenu
  C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\parts
  C:\Program Files (x86)\TSplus\Clients\www\software\java\img
  C:\Program Files (x86)\TSplus\Clients\www\software\java\third
  C:\Program Files (x86)\TSplus\Clients\www\software\java\img\cp
  C:\Program Files (x86)\TSplus\Clients\www\software\java\img\srv
  C:\Program Files (x86)\TSplus\Clients\www\software\java\third\images
  C:\Program Files (x86)\TSplus\Clients\www\software\java\third\js
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\java\third\images\bramus
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\java\third\js\prototype
  C:\Program Files (x86)\TSplus\Clients\www\var\log
  C:\Program Files (x86)\TSplus\UserDesktop\themes
  C:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBar
  C:\Program Files (x86)\TSplus\UserDesktop\themes\Default
  C:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBar
  C:\Program Files (x86)\TSplus\UserDesktop\themes\Logon
  C:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTop
  C:\Program Files (x86)\TSplus\UserDesktop\themes\Seamless
  C:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClient
  C:\Program Files (x86)\TSplus\UserDesktop\themes\Vista
  
  ------------------------------------------------------------------------------
  
  Permission: Everyone:(F)
  
  C:\Program Files (x86)\TSplus\Clients\www\all.min.css
  C:\Program Files (x86)\TSplus\Clients\www\custom.css
  C:\Program Files (x86)\TSplus\Clients\www\popins.css
  C:\Program Files (x86)\TSplus\Clients\www\robots.txt
  C:\Program Files 
  (x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exe
  C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.config
  C:\Program Files 
  (x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
  C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.html
  C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.html
  C:\Program Files (x86)\TSplus\Clients\www\software\common.css
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jar
  C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jar
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\own\exitlist.html
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\own\exitupload.html
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\own\getlist.html
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\own\getupload.html
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\own\postupload.html
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\html5\own\uploaderr.html
  C:\Program Files (x86)\TSplus\Clients\www\software\java\index.html
  C:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.html
  C:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.bin
  C:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.js
  C:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.js
  C:\Program Files 
  (x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.js
  C:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.js