AirDrive HD Local File Include and Arbitrary File Upload Vulnerabilities
BID:58321
Info
AirDrive HD Local File Include and Arbitrary File Upload Vulnerabilities
| Bugtraq ID: | 58321 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2013 12:00AM |
| Updated: | Mar 06 2013 12:00AM |
| Credit: | Benjamin Kunz Mejri |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
AirDrive HD Local File Include and Arbitrary File Upload Vulnerabilities
AirDrive HD is prone to a local file-include vulnerability and an arbitrary file-upload vulnerability.
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
AirDrive HD 1.6.0 is vulnerable; other versions may also be affected.
AirDrive HD is prone to a local file-include vulnerability and an arbitrary file-upload vulnerability.
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
AirDrive HD 1.6.0 is vulnerable; other versions may also be affected.
Exploit / POC
AirDrive HD Local File Include and Arbitrary File Upload Vulnerabilities
Attackers can exploit these issues through a browser.
Attackers can exploit these issues through a browser.
Solution / Fix
AirDrive HD Local File Include and Arbitrary File Upload Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
AirDrive HD Local File Include and Arbitrary File Upload Vulnerabilities
References:
References: