bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/51680.txt
Exploit-DB e07f33f24d DB: 2023-08-22 
17 changes to exploits/shellcodes/ghdb

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
EuroTel ETL3100 - Transmitter Default Credentials
EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Color Prediction Game v1.0 - SQL Injection

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Dolibarr Version 17.0.1 - Stored XSS

Global - Multi School Management System Express v1.0- SQL Injection

OVOO Movie Portal CMS v3.3.3 - SQL Injection

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

Taskhub CRM Tool 2.8.6 - SQL Injection

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
2023-08-22 00:16:22 +00:00

103 lines
No EOL
4.5 KiB
Text
Raw Permalink Blame History

# Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.0.0
# Tested on: Windows
# CVE : CVE-2023-31068
With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single
sign-on web portal and remote desktop gateway that enables users to
remotely access the console session of their office PC.
The solution comes with an embedded web server to allow remote users to
easely connect remotely.
However, insecure file and folder permissions are set, and this could
allow a malicious user to manipulate file content (e.g.: changing the
code of html pages or js scripts) or change legitimate files (e.g.
Setup-RemoteWork-Client.exe) in order to compromise a system or to gain
elevated privileges.
This is the list of insecure files and folders with their respective
permissions:
Permission: Everyone:(OI)(CI)(F)
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\prints
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\shared
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\locales
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\des
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenu
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\parts
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\cp
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\srv
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramus
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log
-------------------------------------------------------------------------------------------
Permission: Everyone:(F)
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txt
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.config
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.html
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.js
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exe
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jar
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jar
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\index.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.bin
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.js
Reference in a new issue View git blame Copy permalink