up.time 7.5.0 Arbitrary File Disclose And Delete Exploit

vendor:

up.time

by:

Gjoko 'LiquidWorm' Krstic

8.8

CVSS

HIGH

Arbitrary File Disclose And Delete

CWE

Product Name: up.time

Affected Version From: 7.5.0 (build 16)

Affected Version To: 7.4.0 (build 13)

Patch Exists: NO

Related CWE: N/A

CPE: a:idera:up.time

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Jetty, PHP/5.4.34, MySQL, Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34

2015

up.time 7.5.0 Arbitrary File Disclose And Delete Exploit

Input passed to the 'file_name' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local resources with the permissions of the web server using a proxy tool.

Mitigation:

Input validation should be performed to ensure that untrusted data is not used to access local resources.

Source

Exploit-DB raw data:


up.time 7.5.0 Arbitrary File Disclose And Delete Exploit


Vendor: Idera Inc.
Product web page: http://www.uptimesoftware.com
Affected version: 7.5.0 (build 16) and 7.4.0 (build 13)

Summary: The next-generation of IT monitoring software.

Desc: Input passed to the 'file_name' parameter in 'get2post.php'
script is not properly sanitised before being used to get
the contents of a resource and delete files. This can be
exploited to read and delete arbitrary data from local
resources with the permissions of the web server using a
proxy tool.

Tested on: Jetty, PHP/5.4.34, MySQL
           Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2015-5253
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5253.php


29.07.2015

--


http://127.0.0.1:9999/wizards/get2post.php?file_name=C:\\test.txt