mirror of https://github.com/qwqdanchun/Goby.git
42 lines
1.7 KiB
JSON
42 lines
1.7 KiB
JSON
{
|
|
"Name": "iDVR system file traversal",
|
|
"Description": "IDVR multi-stage monitoring platform ~ C: / WINDOWS/system32 / drivers/etc/hosts file traversal file downloads",
|
|
"Product": "iDVR",
|
|
"Homepage": "http://code.google.com/p/idvr/",
|
|
"DisclosureDate": "2021-06-01",
|
|
"Author": "atdpa4sw0rd@gmail.com",
|
|
"GobyQuery": "product=\"iDVR\"",
|
|
"Level": "3",
|
|
"Impact": "<p>Direct access to the attacker to sensitive data, implement the download the file to the client, but if there is no filtering of the incoming parameters, you can achieve any file download service, including configuration files, log, source code, etc., to produce arbitrary files download, can lead to hackers successfully to enter the sensitive information of database or system. Causes the website or the server to collapse.<br></p>",
|
|
"Recommendation": "<p>1, before the download of the incoming parameters to filter, directly will.. Replace it with empty, and you can easily achieve the purpose of prevention.</p><p>2. Check the download file type to determine whether the download type is allowed.</p><p>3. Upgrade to the latest version</p>",
|
|
"References": [
|
|
"https://github.com/cflq3/poc/blob/master/bugscan/exp-2031.py"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": [
|
|
{
|
|
"name": "filePath",
|
|
"type": "input",
|
|
"value": "C:/WINDOWS/system32/drivers/etc/hosts"
|
|
}
|
|
],
|
|
"ExpTips": {
|
|
"Type": "",
|
|
"Content": ""
|
|
},
|
|
"ScanSteps": null,
|
|
"ExploitSteps": null,
|
|
"Tags": [
|
|
"Disclosure of Sensitive Information",
|
|
"File Inclusion"
|
|
],
|
|
"CVEIDs": null,
|
|
"CVSSScore": "0.0",
|
|
"AttackSurfaces": {
|
|
"Application": null,
|
|
"Support": null,
|
|
"Service": null,
|
|
"System": null,
|
|
"Hardware": null
|
|
}
|
|
} |