exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CollabNet Subversion Edge Management Tail LFI

CollabNet Subversion Edge Management Tail LFI
Posted Jun 30, 2015
Authored by otr

The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.

tags | exploit, arbitrary, local, file inclusion
SHA-256 | 3a33fc1ca00a370d70ae632d4e5ff2d50d6aebfcfe2f943cfc2b1fac21f6187a

CollabNet Subversion Edge Management Tail LFI

Change Mirror Download
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "fileName" parameter of the "tail" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Local file inclusion
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08 Vendor fix proposal
2014-12-08 Extension of embargo to 19.4.2015
2015-05-04 Extension of embargo until release of version 5.0
2015-05-18 Release of version 5.0 and public disclosure

Summary:

The CollabNet Subversion Edge Management Frontend allows authenticated admins to
read arbitrary local files via logfile "fileName" parameter of the "tail" action

Vulnerability:

Sample URL:
https://example.com:4434/csvn/log/tail?fileName=..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&startIndex=0

Fix proposal:

Remove feature or santizes the fileName parameter so that no path traversals and
arbitrary file inclusions are possible.

Vendor fix:

[...] now allow only showing hooks/logs within the intended directories.
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close