Infragistics WebHtmlEditor 7.1 - Multiple Vulnerabilities

ID EDB-ID:11414
Type exploitdb
Reporter SpeeDr00t
Modified 2010-02-12T00:00:00


Infragistics WebHtmlEditor.v7.1 Multiple Vulnerabilities. Webapps exploit for asp platform

Infragistics WebHtmlEditor.v7.1 (InitialDirectory, iged_uploadid) Directory Traversal and Arbitrary File Upload vulnerability

proof of concept by KyoungChip, Jang ( SpeeDr00t )

[*] the bug    
    : Directory Traversal and Arbitrary File Upload vulnerability

[*] application
    : Infragistics WebHtmlEditor.v7.1

[*] Vendor URL  

[*] homepage
[*] company
    : sk юн4sec

[*] Group
    : canvasTeam@SpeeDr00t

[*] Thanks to
    : my wife(en hee) , my son(ju en, do en ), Zero-0x77, hoon

# Directory Traversal vulnerability

A directory traversal vulnerability exists in Infragistics WebHtmlEditor.v7.1
which allows a remote user to view files local to the target server.

The InitialDirectory parameter can be manipulated ( InitialDirectory=../../ )
to traverse directories on the server.

poc ) InitialDirectory = ../../
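
Added example, not part of the original advisory: a log check that flags requests whose InitialDirectory value traverses out of its directory, including percent-encoded and backslash forms. It assumes the parameter appears in the logged query string; the log layout, URL path and client addresses are constructed.

```python
import re
from urllib.parse import unquote

# Constructed log lines: method, URI stem, URI query, client IP (all sample values).
SAMPLE_LOG = """\
GET /editor/upload.aspx InitialDirectory=images/&iged_uploadid=InsertImage 10.0.0.5
GET /editor/upload.aspx InitialDirectory=../../&iged_uploadid=InsertImage 10.0.0.9
GET /editor/upload.aspx initialdirectory=%2e%2e%5c%2e%2e%5c&iged_uploadid=InsertImage 10.0.0.9
GET /editor/upload.aspx InitialDirectory=%252e%252e%252f&iged_uploadid=InsertImage 10.0.0.7
GET /editor/upload.aspx InitialDirectory=photos/2010..backup/&iged_uploadid=InsertImage 10.0.0.5
"""

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if a path segment is '..' or the value is a rooted/drive path."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    # Compare whole segments so names such as '2010..backup' do not match.
    return ".." in path.split("/")

def find_traversal(log_text, param="initialdirectory"):
    """Return (client_ip, raw_value) for each request with a traversing value."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _method, _stem, query, client = fields
        # Split on the raw '&' and '=' first; decode each value afterwards.
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            # ASP.NET treats query parameter names case-insensitively.
            if unquote(name).lower() == param and is_traversal(raw):
                hits.append((client, raw))
    return hits

if __name__ == "__main__":
    for client, raw in find_traversal(SAMPLE_LOG):
        print(f"{client}\tInitialDirectory={raw}")
```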


# Arbitrary File upload vulnerability
The iged_uploadid parameter of InsertImage is used to upload image files, but
an attacker who changes the iged_uploadid parameter can upload arbitrary files.