0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Cloupia End-to-end FlexPod Management Directory Traversal
[*Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability***
*Vulnerability Information*
Class: Directory Traversal
Remotely Exploitable: Yes
Locally Exploitable: Yes
*Software Description*
Provides end-to-end FlexPod management and automation across physical,
virtual, compute, storage and network resources.
Create internal private clouds rapidly with internal standards and
procedures to maximize the infrastructure investments.
Provides comprehensive physical and virtual infrastructure management and
automation.
Provides unified solution and single pane of glass for consistent and
connected experience across private, public & hybrid clouds.
*Vulnerability Description*
jQuery File Tree is a configurable, AJAX file browser plugin for the jQuery
javascript library utilised within the Cloupia application framework.
Unauthenticated access to this module allows a remote attacker to browse
the entire file system of the host server, beyond the realm of the web
service itself.
Cloupia are aware of this flaw and are releasing a patch to mitigate
access. End users are urged to update immediately by contacting the vendor.
http://www.cloupia.com
* **Technical Description*
The following process performed as an attacker to exploit this
vulnerability would be as follows:
The code for the jQuery File Tree Java-Server-Page file reads as follows:
<%@ page
import="java.io.File,java.io.FilenameFilter,java.util.Arrays"%>
<%
/**
* jQuery File Tree JSP Connector
* Version 1.0
* Copyright 2008 Joshua Gould
* 21 April 2008
*/
String dir = request.getParameter("dir");
if (dir == null) {
return;
}
if (dir.charAt(dir.length()-1) == '\\') {
dir = dir.substring(0, dir.length()-1) + "/";
} else if (dir.charAt(dir.length()-1) != '/') {
dir += "/";
}
if (new File(dir).exists()) {
String[] files = new File(dir).list(new FilenameFilter() {
public boolean accept(File dir, String name) {
return name.charAt(0) != '.';
}
});
Arrays.sort(files, String.CASE_INSENSITIVE_ORDER);
out.print("<ul class=\"jqueryFileTree\" style=\"display:
none;\">");
// All dirs
for (String file : files) {
if (new File(dir, file).isDirectory()) {
out.print("<li class=\"directory
collapsed\"><a href=\"#\" rel=\"" + dir + file + "/\">"
+ file + "</a></li>");
}
}
// All files
for (String file : files) {
if (!new File(dir, file).isDirectory()) {
int dotIndex = file.lastIndexOf('.');
String ext = dotIndex > 0 ?
file.substring(dotIndex + 1) : "";
out.print("<li class=\"file ext_" + ext +
"\"><a href=\"#\" rel=\"" + dir + file + "\">"
+ file + "</a></li>");
}
}
out.print("</ul>");
}
%>
# 0day.today [2024-11-16] #