Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Directory Traversal Vulnerability in HP Web JetAdmin - exploit.company
header-logo
Suggest Exploit
vendor:
HP Web JetAdmin
by:
Unknown
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: HP Web JetAdmin
Affected Version From: HP Web JetAdmin version 7.5.2546
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:hp:web_jetadmin:7.5.2546
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

Directory Traversal Vulnerability in HP Web JetAdmin

HP Web JetAdmin is prone to a directory traversal vulnerability that allows remote attackers to access information outside the server root directory. This vulnerability occurs due to insufficient sanitization of user-supplied data passed via the 'setinclude' parameter of the 'setinfo.hts' script. Attackers can exploit this vulnerability to upload malicious files and gain unauthorized access to a vulnerable server.

Mitigation:

It is recommended to update to the latest version of HP Web JetAdmin to mitigate this vulnerability. Additionally, input validation and sanitization should be implemented to prevent directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9972/info

It has been reported that HP Web JetAdmin may be prone to a directory traversal vulnerability allowing remote attackers to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data passed via the 'setinclude' parameter of 'setinfo.hts' script.

This vulnerability can be combined with HP Web Jetadmin Firmware Update Script Arbitrary File Upload Weakness (BID 9971) to upload malicious files to a vulnerable server in order to gain unauthorized access to a host. 

This issue has been tested with an authenticated account on HP Web Jetadmin version 7.5.2546 running on a Windows platform.

https://www.example.com:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
https://www.example.com:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../auth/local.users
https://www.example.com:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../hpjwja/firmware/printer/test.inc

Navigation

Suggest Exploit

Services By CQR