Air Drive Plus Multiple Input Validation Vulnerabilities

vendor:

Air Drive Plus

by:

SecurityFocus

7,5

CVSS

HIGH

Local File-Include, Arbitrary File-Upload, and HTML-Injection

20, 434, 79

CWE

Product Name: Air Drive Plus

Affected Version From: Air Drive Plus 2.4

Affected Version To: Air Drive Plus 2.4

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Air Drive Plus Multiple Input Validation Vulnerabilities

Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection vulnerability. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, obtain sensitive information, execute arbitrary script code within the context of the browser, and steal cookie-based authentication credentials.

Mitigation:

Input validation should be performed to ensure that user-supplied data is properly sanitized and filtered before being used in the application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/61081/info

Air Drive Plus is prone to multiple input validation vulnerabilities including a local file-include vulnerability, an arbitrary file-upload vulnerability, and an HTML-injection vulnerability.

An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, obtain sensitive information, execute arbitrary script code within the context of the browser, and steal cookie-based authentication credentials.

Air Drive Plus 2.4 is vulnerable; other versions may also be affected. 

<tr><td><img src="Air%20Drive%20-%20Files_files/file.png" height="20px" width="20px"></td><td><a target="_blank" 
href="http://www.example.com/AirDriveAction_file_show/;/private/var/mobile/Applications";>;/private/var/mobile/Applications/</a></td>
<td>27,27KB</td><td align="center">2013-07-08 23:07:52</td><td align="center">
<a onclick="javascript:delfile("/private/var/mobile/Applications");" class="transparent_button">Delete</a></td></tr>

<tr><td><img src="Air%20Drive%20-%20Files_files/file.png" height="20px" width="20px"></td><td><a target="_blank" 
href="http://www.example.com/AirDriveAction_file_show/1337.png.gif.php.js.html";>1337.png.gif.php.js.html</a></td>
<td>27,27KB</td><td align="center">2013-07-08 23:07:52</td><td align="center"><a 
onclick="javascript:delfile("1337.png.gif.php.js.html");" 
class="transparent_button">Delete</a></td></tr>

<tr><td><img src="Air%20Drive%20-%20Files_files/file.png" height="20px" width="20px"></td><td><a target="_blank" 
href="http://www.example.com/AirDriveAction_file_show/[PERSISTENT INJECTED SCRIPT CODE!]1337.png">[PERSISTENT 
INJECTED SCRIPT CODE!]1337.png</a></td><td>27,27KB</td><td align="center">
2013-07-08 23:07:52</td><td align="center"><a onclick="javascript:delfile("[PERSISTENT INJECTED SCRIPT 
CODE!]1337.png");" class="transparent_button">Delete</a></td></tr>