Recent Vulnerabilities Research Posts Trends Blog About Contact
Related Vulnerabilities: CVE-2018-19753
Source
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="65"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#66">By Date</a>
<a href="67"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="65"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#66">By Thread</a>
<a href="67"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">CVE-2018-19753 - Directory Traversal in Tarantella Enterprise	before 3.11</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Rafael Pedrero &lt;rafael.pedrero () gmail com&gt;


<em>Date</em>: Fri, 30 Nov 2018 06:50:14 +0100


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Vulnerability found in 2009.

&lt;!--
# Exploit Title: Directory Traversal in Tarantella Enterprise before 3.11
# Date: 30-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: Homepage: <a rel="nofollow" href="http://www.sun.com/">http://www.sun.com/</a> &amp; <a rel="nofollow" href="http://www.oracle.com/">http://www.oracle.com/</a>
# Software Link: the product is discontinued (vulnerability found in 2009)
# Version: Tarantella Enterprise before 3.11
# Tested on: All
# CVE : CVE-2018-19753
# Category: webapps


1. Description

Tarantella Enterprise before 3.11 allows Directory Traversal via a full
pathname preceded by the ./ sequence, as demonstrated by a
"/cgi-bin/secure/ttawlogin.cgi/?action=start&amp;pg=./" substring.

A path traversal attack (also known as directory traversal) aims to access
files and directories that are stored outside the web root folder. By
manipulating variables that reference files with "dot-dot-slash (../)"
sequences and its variations or by using absolute file paths, it may be
possible to access arbitrary files and directories stored on file system
including application source code or configuration and critical system
files. It should be noted that access to files is limited by system
operational access control (such as in the case of locked or in-use files
on the Microsoft Windows operating system). The cgi ttawlogin.cgi can read
files if use "./" in the petition.


2. Proof of Concept

<a rel="nofollow" href="http://x.x.x.x/tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&amp;pg=./fileexist">http://x.x.x.x/tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&amp;pg=./fileexist</a>
or (./../../../../../../../../../../../../../../etc/passwd)

3. Solution:

The product is discontinued.
<a rel="nofollow" href="https://www.oracle.com/us/assets/lifetime-support-hardware-301321.pdf">https://www.oracle.com/us/assets/lifetime-support-hardware-301321.pdf</a>

--&gt;

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="65"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#66">By Date</a>
<a href="67"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="65"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#66">By Thread</a>
<a href="67"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>CVE-2018-19753 - Directory Traversal in Tarantella Enterprise	before 3.11</strong> <em>Rafael Pedrero (Nov 30)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.
Home Recent Vulnerabilities Research Posts Trends Blog About Contact
Vulmon Search Vulmon Research Vulmon Alerts Vulmap
Twitter Reddit Linkedin Facebook
CVE-2018-19753 - Directory Traversal in Tarantella Enterprise before 3.11

Vulmon Search

About

Products

Connect
