Related vulnerability
Title: N/A (CVE-2023-49031)
Description: A directory traversal (local file inclusion) vulnerability exists in version 6.8.3.0 of the Tikit (now Advanced) eMarketing platform. A remote attacker can read arbitrary files and obtain sensitive information by sending a crafted payload in the filename parameter of the OpenLogFile endpoint.
Description
LFI Tikit eMarketing v6.8.3.0 (CVE-2023-49031)
Introduction
# LFI Tikit eMarketing (CVE-2023-49031)
## Discovery
In November 2023, a novel local file inclusion vulnerability was identified in the "eMarketing" platform developed by Tikit (now Advanced) during a client engagement.
This issue was resolved with Advanced in February 2024.
## Affected Versions
This vulnerability has only been tested on, and confirmed in, version 6.8.3.0.

## Attack Vector
The "filename" parameter used by the "OpenLogFile" endpoint was found not to be sanitized. An unauthenticated threat actor may leverage this vulnerability to read arbitrary files from the local file system.

## POC
As a Proof-of-Concept (PoC), database credentials were collected from the "web.config" file found on a vulnerable machine.

## Vulnerability Check
An example HTTP GET payload (path + parameters) to read the hosts file on a vulnerable Windows system can be found below:
* `/DATA/Log/OpenLogFile?filename=C%3A%5CWindows%5CSystem32%5Cdrivers%5Cetc%5Chosts`
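The following is an added example and is not code from the README or from the vendor. It does two things the Attack Vector and Vulnerability Check sections describe in prose: it scans constructed access-log lines for OpenLogFile requests whose decoded `filename` argument would leave a log directory (the indicator shown above, plus the traversal and double-encoding variants of it), and it shows a hardened allow-list check of the kind the endpoint was missing. The log line layout, the endpoint path casing, the `.log` naming rule and the log directory are all assumptions.

```python
"""Detection and mitigation pattern for path traversal in a 'filename' parameter.

Added example, not the advisory's or vendor's code. Log lines and the
W3C-like field layout ("<ip> <method> <path?query> <status>") are constructed.
"""
import re
from pathlib import Path
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (assumed layout, see module docstring).
SAMPLE_LOG = """\
10.0.0.5 GET /DATA/Log/OpenLogFile?filename=app-2024-01-15.log 200
10.0.0.7 GET /DATA/Log/OpenLogFile?filename=C%3A%5CWindows%5CSystem32%5Cdrivers%5Cetc%5Chosts 200
10.0.0.9 GET /DATA/Log/OpenLogFile?filename=..%2F..%2Fweb.config 200
10.0.0.9 GET /DATA/Log/OpenLogFile?filename=%2e%2e%5c%2e%2e%5cweb.config 200
10.0.0.3 GET /index.html 200
"""

# Endpoint from the advisory, compared case-insensitively (IIS paths are).
ENDPOINT = "/data/log/openlogfile"


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_filename(raw: str) -> bool:
    """True if the value could escape a log directory: a '..' segment,
    a drive letter, an absolute path or a UNC path."""
    name = decode_fully(raw).replace("\\", "/")
    if re.match(r"^[A-Za-z]:", name) or name.startswith("/"):
        return True
    return any(part == ".." for part in name.split("/"))


def scan_log(text: str) -> list:
    """Return one finding per OpenLogFile request with a suspicious filename."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ip, _method, target, status = parts[:4]
        url = urlsplit(target)
        if url.path.lower() != ENDPOINT:
            continue
        # parse_qs already percent-decodes once; decode_fully catches the rest.
        for fname in parse_qs(url.query).get("filename", []):
            if is_suspicious_filename(fname):
                findings.append(
                    {"ip": ip, "filename": decode_fully(fname), "status": status}
                )
    return findings


def resolve_log_path(log_dir: str, filename: str) -> Optional[Path]:
    """Hardened server-side check (a mitigation pattern, not the vendor's fix):
    accept only a bare '<name>.log' file name and confirm the resolved path
    still sits under log_dir. Returns None for anything that must be refused."""
    base = Path(log_dir).resolve()
    name = decode_fully(filename)
    if not re.fullmatch(r"[A-Za-z0-9._-]+\.log", name):
        return None
    candidate = (base / name).resolve()
    if base not in candidate.parents:  # escaped the log directory
        return None
    return candidate


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"ALERT {hit['ip']} requested {hit['filename']!r} (HTTP {hit['status']})")
    print(resolve_log_path("/var/log/emarketing", "app-2024-01-15.log"))
    print(resolve_log_path("/var/log/emarketing", "../web.config"))
```

Run against the constructed log, `scan_log` flags the three traversal and absolute-path requests and ignores the legitimate log read; the hardened `resolve_log_path` accepts only a plain `.log` name that resolves inside the configured directory, which is what an allow-list fix for this endpoint has to guarantee regardless of encoding tricks.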
## Remediation
Update to the latest version of eMarketing.
File snapshot
[4.0K] /data/pocs/575c1638d9727e37121691a3c23a8c1342fea01c
├── [ 82K] Attack_vector.png
├── [169K] POC.png
├── [1.1K] README.md
└── [ 35K] version.png
0 directories, 4 files