WebNMS Framework 5.2SP1 Text File Download

Summary

WebNMS is an industry-leading used to build network management applications architecture. The File Download feature does not require login you can download any text, non-binary file.

Vulnerability details

FetchFile to allow not logged in download the file, but only the text content of the file can be downloaded correctly. Submit the following Get request:

GET /servlets/FetchFile? fileName=…/…/…/etc/shadow

Note: Get the requested file name cannot contain : ? * | " < > And other symbols. The software has a Windows version, the Windows platform can only download the software installation directory where the drive letter in the file because you can not use colon in.

Download the official Windows trial version software testing by: http://www.webnms.com/webnms/14107380/WebNMS_Framework_5_STD_Windows.exe

Other information

• Vulnerability discovered by: Pedro Ribeiro
• CVE number: CVE-2016-6601
• Affect version:<= 5. 2SP1