AjaXplorer Zoho Plugin Directory Traversal Vulnerability Network Vulnerability

Summary

This host is running AjaXplorer with zoho plugin and is prone to directory traversal and file upload vulnerability.

Impact

Successful exploitation may allow an attacker to obtain sensitive information, and upload a malicious PHP script, which could allow the attacker to execute arbitrary PHP code on the affected system. Impact Level: System/Application

Solution

Upgrade to AjaXplorer 5.0.4 or later. For updates refer to http://pyd.io

Insight

The flaws exist due to improper validation of user-supplied input via 'name' parameter and improper validation of file extensions by the save_zoho.php script.

Affected

AjaXplorer zoho plugin 5.0.3 and probably before.

Detection

Send a crafted exploit string via HTTP GET request and check whether it is able to read the system file or not.

References

http://archives.neohapsis.com/archives/bugtraq/2013-11/0043.html
http://osvdb.org/99614
http://xforce.iss.net/xforce/xfdb/88667
http://xforce.iss.net/xforce/xfdb/88668

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6226, CVE-2013-6227

CVSS	Base Score: 8.5 AV:N/AC:L/Au:N/C:C/I:N/A:P

Related Vulnerabilities

4Images <= 1.7.1 Directory Traversal Vulnerability
AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
Apache Tomcat AJP Protocol Security Bypass Vulnerability
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability

AjaXplorer zoho plugin Directory Traversal Vulnerability

Take action and discover your vulnerabilities