Lucene search
Carlo Di DatoPACKETSTORM:174275HistoryAug 22, 2023 - 12:00 a.m.
TSPlus 16.0.2.14 Insecure Permissions
2023-08-2200:00:00
Carlo Di Dato
packetstormsecurity.com
124
exploit
remote access
insecure files and folders
permissions
windows
cve-2023-31067
tsplus
web server
malicious user
elevated privileges
`# Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.2.14
# Tested on: Windows
# CVE : CVE-2023-31067
TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and
Microsoft RDS for remote desktop access and Windows application
delivery. Web-enable your legacy apps, create SaaS solutions or remotely
access your centralized corporate tools and files.
The TSplus Remote Access solution comes with an embedded web server to
allow remote users to easely connect remotely.
However, insecure file and folder permissions are set and this could
allow a malicious user to manipulate file content (e.g.: changing the
code of html pages or js scripts) or change legitimate files (e.g.
Setup-VirtualPrinter-Client.exe) in order to compromise a system or to
gain elevated privileges.
This is the list of insecure files and folders with their respective
permissions:
Everyone:(OI)(CF)(F) and Everyone(F)
Permission: Everyone:(OI)(CI)(F)
C:\Program Files (x86)\TSplus\Clients\www
C:\Program Files (x86)\TSplus\Clients\www\addons
C:\Program Files (x86)\TSplus\Clients\www\ConnectionClient
C:\Program Files (x86)\TSplus\Clients\www\downloads
C:\Program Files (x86)\TSplus\Clients\www\prints
C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient
C:\Program Files (x86)\TSplus\Clients\www\software
C:\Program Files (x86)\TSplus\Clients\www\var
C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp
C:\Program Files (x86)\TSplus\Clients\www\downloads\shared
C:\Program Files (x86)\TSplus\Clients\www\software\java
C:\Program Files (x86)\TSplus\Clients\www\software\js
C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres
C:\Program Files (x86)\TSplus\Clients\www\software\html5\locales
C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenu
C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\parts
C:\Program Files (x86)\TSplus\Clients\www\software\java\img
C:\Program Files (x86)\TSplus\Clients\www\software\java\third
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\cp
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\srv
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\images
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\js
C:\Program Files
(x86)\TSplus\Clients\www\software\java\third\images\bramus
C:\Program Files
(x86)\TSplus\Clients\www\software\java\third\js\prototype
C:\Program Files (x86)\TSplus\Clients\www\var\log
C:\Program Files (x86)\TSplus\UserDesktop\themes
C:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBar
C:\Program Files (x86)\TSplus\UserDesktop\themes\Default
C:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBar
C:\Program Files (x86)\TSplus\UserDesktop\themes\Logon
C:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTop
C:\Program Files (x86)\TSplus\UserDesktop\themes\Seamless
C:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClient
C:\Program Files (x86)\TSplus\UserDesktop\themes\Vista
------------------------------------------------------------------------------
Permission: Everyone:(F)
C:\Program Files (x86)\TSplus\Clients\www\all.min.css
C:\Program Files (x86)\TSplus\Clients\www\custom.css
C:\Program Files (x86)\TSplus\Clients\www\popins.css
C:\Program Files (x86)\TSplus\Clients\www\robots.txt
C:\Program Files
(x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exe
C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.config
C:\Program Files
(x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.html
C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.html
C:\Program Files (x86)\TSplus\Clients\www\software\common.css
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jar
C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jar
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\own\exitlist.html
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\own\exitupload.html
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\own\getlist.html
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\own\getupload.html
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\own\postupload.html
C:\Program Files
(x86)\TSplus\Clients\www\software\html5\own\uploaderr.html
C:\Program Files (x86)\TSplus\Clients\www\software\java\index.html
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.html
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.bin
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.js
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.js
C:\Program Files
(x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.js
C:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.js
`
Related
cve
cve
CVE-2023-31067
2023-09-11 19:15:41
CVE-2023-27133
2023-10-17 16:15:10
zdt
zdt
prion
prion
Design/Logic Flaw
2023-09-11 19:15:00
Privilege escalation
2023-10-17 16:15:00
cvelist
cvelist
CVE-2023-31067
2023-09-11 00:00:00
CVE-2023-27133
2023-10-17 00:00:00
exploitdb
exploitdb
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
2023-08-21 00:00:00
Related for PACKETSTORM:174275