QuesCom Qportal User 5.10.014 Source Disclosure

2011-12-09T00:00:00
ID PACKETSTORM:107665
Type packetstorm
Reporter Ewerson Guimaraes
Modified 2011-12-09T00:00:00

Description

                                        
                                            `[Discussion]  
- DcLabs Security Research Group advises about the following vulnerability(ies):  
[Software]  
- QuesCom Qportal User  
[Vendor Product Description]  
- No vendor product description  
- Site: http://www.quescom.com/  
[Advisory Timeline]  
- 12/01/2011 -> First Contact requesting security department contact;-  
12/01/2011 -> Vendor reply .- 12/01/2011 -> Adv. sent to vendor.-  
12/05/2011 -> Vendor reply .- 12/05/2011 -> Video sent to vendor .-  
12/06/2011 -> Vendor reply .- 12/07/2011 -> Published  
  
[Bug Summary]  
- Asp source code disclosure  
[Impact]  
- High  
[Affected Version]  
- Version:5.10.014  
[Bug Description and Proof of Concept]  
Attackers use source code disclosure attacks to try to obtain the  
source code of server-side applications. The basic role of Web servers  
is to serve files as requested by clients. Files can be static, such  
as image and HTML files, or dynamic, such as ASP, JSP and PHP files.  
When the browser requests a dynamic file, the Web server first  
executes the file and then returns the result to the browser. Hence,  
dynamic files are actually code executed on the Web server.  
http://www.imperva.com/resources/glossary/source_code_disclosure.html  
  
  
POC  
http://server/remotefile.asp%20http://server/remotefile.asp::$DATA  
Characters other than %20 and ::$DATE may also be used to disclose the  
source code.  
All flaws described here were discovered and researched by:  
Ewerson Guimaraes aka CrashDcLabs Security Research Groupcrash (at)  
dclabs <dot> com <dot> br  
[Patch(s) / Workaround]  
Version 6.21 fixes the issue.  
[Greetz]DcLabs Security Research Group.  
--  
Ewerson Guimaraes (Crash)  
Pentester/Researcher  
DcLabs Security Team  
www.dclabs.com.br  
`