what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure
Posted Mar 20, 2023
Authored by h4shur

Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2023-22232
SHA-256 | 230d9930fbdec26e4628f0385522c78b426bd6ed51e29a6e47c431fd60fb961b

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure

Change Mirror Download
# Title: adobe connect - Local File Disclosure / Download [security feature
bypass vulnerability]
# Author: h4shur
# date:2021.01.16-2023.02.17
# CVE: CVE-2023-22232
# Vendor Homepage: https://www.adobe.com
# Software Link: https://www.adobe.com/products/adobeconnect.html
# Version: 11.4.5 and earlier, 12.1.5 and earlier
# User interaction: None
# Tested on: Windows 10 & Google Chrome, kali linux & firefox

### Summary:
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are
affected by an Improper Access Control vulnerability that could result in a
Security feature bypass. An attacker could leverage this vulnerability to
impact the integrity of a minor feature.
Exploitation of this issue does not require user interaction.

### Description :
There are many web applications in the world, each of which has
vulnerabilities due to developer errors, and this is a problem for all of
them, and even the best of them, like the "adobe connect" program, have
vulnerabilities that occur every month. They are found and fixed by the
team.
* What is LFD bug?
LFD bug stands for Local File Disclosure / Download, which generally allows
the attacker to read and download files within the server, so it can be
considered a very dangerous bug in the web world and programmers must be
aware of it. Be careful and maintain security against this bug
* Intruder access level with LFD bug
The level of access using this bug can be even increased to the level of
access to the website database in such a way that the hacker reads
sensitive files inside the server that contain database entry information
and enters the database and by extracting the information The admin will
have a high level of access
* Identify vulnerable sites
To search for LFD bugs, you should check the site inputs. If there is no
problem with receiving ./ characters, you can do the test to read the files
inside the server if they are vulnerable. Enter it and see if it is read or
not, or you can use files inside the server such as / etc / passwd / .. and
step by step using ../ to return to the previous path to find the passwd
file
* And this time the "lfd" in "adobe connect" bug:
To download and exploit files, you must type the file path in the
"download-url" variable and the file name and extension in the "name"
variable.
You can download the file by writing the file path and file name and
extension.
When you have written the file path, file name and extension in the site
address variables, a download page from Adobe Connect will open for you,
with "Save to My Computer
file name]" written in the download box and a file download link at the
bottom of the download box, so you can download the file.
* There are values inside the url that do not allow a file other than this
file to be downloaded.
* Values: sco_id and tickets
But if these values are cleared, you will see that reloading is possible
without any obstacles
At another address, you can download multiple files as a zip file.
We put the address of the files in front of the variable "ffn" and if we
want to add the file, we add the variable "ffn" again and put the address
of the file in front of it. The "download_type" variable is also used to
specify the zip extension.

### POC :
https://target.com/[folder]/download?download-url=[URL]&name=[file.type]
https://target.com/[folder]/download?output=output&download_type=[Suffix]&ffn=[URL]&baseContentUrl=[base
file folder]

### References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22232
https://nvd.nist.gov/vuln/detail/CVE-2023-22232
https://helpx.adobe.com/security/products/connect/apsb23-05.html
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close