
gwextranet-include.txt

26 Nov 2007. Reported by Joseph Giron. Type: packetstorm. Source: packetstormsecurity.com

GWextranet Multiple Vulnerabilities. Including files via template or file parameters. Script injection in compose module. No patch available yet.

Code
`GWextranet Multiple Vulnerabilities  
  
Vendor: Messaging Architects  
  
http://www.gwtools.com/en/gwextranet/eval/  
  
http://www.example/gwextranet/scp.dll/sendto?user=calendar+of+events&mid=474020FA.GWEMAIL_DEPOT.SDEPO.100.167656B.1.1B00.1&template=.././../../boot.ini%00  
  
http://www.example.com/gwextranet/scp.dll/nbfile?user=calendar%20of%20events&format=&mid=46FA2724.GWEMAIL_DEPOT.SDEPO.100.167656B.1.198E.1&folder=Calendar&altcolor=cccccc&template=gwextra&caldays=1&startday=&file=../scp.dll  
  
In just about any action module that requests a template or file, you can include a file from elsewhere on the server. I was able to refer to the manual on GwExtranet to obtain all the files that utilize the file and template parameters. They are List, Monthcal, Item, frmonth, week, frameset, fhead, frlist, getvcs, Xlist, nblist,   
nbitem, nbfile, directory, xlist, sendto, Xweek, Xmonth, and finally Xitem.   
  
The compose module allows you to add new events to a specific group, but allows for script code to be injected inside. The result of, say, a well-placed body onload event effectively defaces the front page until the month is over (when the event calendar rolls over to a new month).   
  
Vendor Notified (they refused to give me a direct line), no patch yet.  
  
Happy Hacking!  
`
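With no patch available, requests to the modules listed in the advisory can be screened at a reverse proxy or searched for in access logs. The following is an added example, not part of the advisory or the vendor's code: it flags `template` and `file` values that carry traversal sequences, path separators or null bytes. The function name `check_request` and the allow-list pattern for legitimate values are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Action modules the advisory lists as accepting template/file parameters.
MODULES = {m.lower() for m in (
    "List Monthcal Item frmonth week frameset fhead frlist getvcs Xlist nblist "
    "nbitem nbfile directory xlist sendto Xweek Xmonth Xitem").split()}
WATCHED = {"template", "file"}
# Assumption: legitimate values are bare names such as "gwextra".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def check_request(url):
    """Return (param, reason) findings for one request URL, or [] if clean."""
    parts = urlsplit(url)
    m = re.search(r"/scp\.dll/([^/?]+)", parts.path, re.IGNORECASE)
    if not m or m.group(1).lower() not in MODULES:
        return []
    findings = []
    # parse_qsl percent-decodes once, so %00 and %2e%2e are inspected decoded.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in WATCHED or value == "":
            continue
        reasons = []
        if "\x00" in value:
            reasons.append("null byte")
        if ".." in value or "/" in value or "\\" in value:
            reasons.append("path traversal")
        # Anything else outside the allow-list (e.g. a leftover '%' from
        # double encoding) is still reported rather than passed through.
        if not reasons and not SAFE_VALUE.fullmatch(value):
            reasons.append("unexpected characters")
        findings.extend((name, r) for r in reasons)
    return findings


if __name__ == "__main__":
    # Constructed sample requests: one benign, one with a doubly encoded value.
    samples = [
        "http://www.example.com/gwextranet/scp.dll/Monthcal?template=gwextra",
        "http://www.example.com/gwextranet/scp.dll/week?template=%252e%252e%252fx",
    ]
    for url in samples:
        print(check_request(url) or "clean", url)
```
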
