
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit

Severity
Medium
Advisory ID
ZSL-2015-5253
Release Date
19 August 2015
Vendor
Affected Version
7.5.0 (build 16) and 7.4.0 (build 13)
CVE
N/A
Tested On
Jetty, PHP/5.4.34, MySQL, Apache/2.2.29 (Win64) mod_ssl/2.2.29 OpenSSL/1.0.1j PHP/5.4.34
Summary

The next-generation of IT monitoring software.

Description

Input passed to the 'file_name' parameter of the 'get2post.php' script is not properly sanitised before it is used as a path to read the contents of a file and then delete it. Because the parameter is used as-is for both operations, an attacker who tampers with the request (for example with a proxy tool) can read and then delete arbitrary files on the host with the privileges of the web server process.
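The bug class the description refers to, as an added illustration that is not code from the up.time product and not this advisory's proof of concept: a request parameter used as a file name for a read followed by an unlink, beside a version that confines the name to a single directory before touching the filesystem. The function names, the base directory and the temporary files are assumptions made for the demo; the checks themselves (reject separators and ".." via basename(), then prove realpath() containment) are the standard fix for this pattern.

```php
<?php
// Added illustration of an unsanitised file name reaching a read and a delete.
// Hypothetical code: not up.time's get2post.php. Names and paths are assumptions.

// Directory the script is meant to serve files from (assumed for the demo).
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uptime_demo_' . getmypid();

// Vulnerable shape: the parameter is joined to the base directory as-is, so
// "../" sequences reach any file the web server account can open and remove.
function disclose_and_delete_vulnerable($base, $file_name) {
    $path = $base . DIRECTORY_SEPARATOR . $file_name;
    $data = @file_get_contents($path);
    if ($data === false) {
        return null;
    }
    @unlink($path);
    return $data;
}

// Hardened shape: accept a plain file name only, resolve it, and prove the
// resolved path is still inside $base before reading or deleting anything.
// realpath() also follows symlinks, so a link inside $base that points
// outside it is rejected as well.
function resolve_inside($base, $file_name) {
    if ($file_name === '' || $file_name === '.' || $file_name === '..') {
        return false;
    }
    if (strpos($file_name, "\0") !== false) {        // embedded NUL truncates paths
        return false;
    }
    if ($file_name !== basename($file_name)) {        // any separator or ".." component
        return false;
    }
    $real_base = realpath($base);
    $real = realpath($base . DIRECTORY_SEPARATOR . $file_name);
    if ($real_base === false || !is_string($real)) {
        return false;
    }
    // Compare with the separator appended so that "/srv/data2" does not
    // pass as being inside "/srv/data".
    $prefix = $real_base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $real;
}

function disclose_and_delete_hardened($base, $file_name) {
    $path = resolve_inside($base, $file_name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $data = file_get_contents($path);
    unlink($path);
    return $data;
}

// Demo with constructed files in a temporary directory.
mkdir($base, 0700, true);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.txt', "inside base\n");
$outside = dirname($base) . DIRECTORY_SEPARATOR . 'uptime_demo_secret_' . getmypid() . '.txt';
file_put_contents($outside, "outside base\n");

// One directory up from $base, i.e. a file the script was never meant to serve.
$traversal = '..' . DIRECTORY_SEPARATOR . basename($outside);

echo "vulnerable, traversal input:\n";
var_dump(disclose_and_delete_vulnerable($base, $traversal));
var_dump(file_exists($outside));

file_put_contents($outside, "outside base\n");   // recreate it for the second run

echo "hardened, traversal input:\n";
var_dump(disclose_and_delete_hardened($base, $traversal));
var_dump(file_exists($outside));

echo "hardened, legitimate input:\n";
var_dump(disclose_and_delete_hardened($base, 'report.txt'));

unlink($outside);
rmdir($base);
```

Run it with the PHP CLI (`php demo.php`). The vulnerable function returns the contents of the file outside the base directory and removes it; the hardened function returns null for the same input and leaves the file in place, while a plain file name inside the directory still works. Note that basename() alone would not catch a symlink planted inside the directory, which is why the realpath() containment check is kept as well.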

Proof of Concept
Disclosure Timeline
29.07.2015 Vulnerability discovered.
06.08.2015 Vendor contacted.
18.08.2015 No response from the vendor.
19.08.2015 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
19.08.2015 Initial release
13.09.2015 Added references [2], [3], [4], [5] and [6]