Path Traversal Vulnerability in eMLi Portal [CVE-2017-7258]

            Hello everyone. This is my first vulnerability disclosure in public. If you have any suggestions regarding this, feel free to email me.

            A Directory Path Traversal flaw in the eMLi Portal, exploitable over HTTP, allows an attacker to view restricted information or (even more seriously) execute powerful commands on the web server, which can lead to a full compromise of the system.

        What is Directory Path Traversal?

            A Directory Path Traversal attack aims to access files and directories that are stored on the web server. By manipulating file paths, it is possible to access arbitrary files, application source code, system configurations and critical system files.

     Impact Scenario:    

            A remote attacker is able to download critical files from the eMLi web server, such as core-emli/Storage, configuration files and log files. This may result in "Sensitive Information Disclosure" and may also allow the attacker to carry out further attacks on the system using the information gathered through this vulnerability.

     Affected Versions:  

                 eMLi : School Management - 1.0
               eMLi : College Campus Management - 1.0
               eMLi : University Management - 1.0

      Vulnerability Reproduction Steps (POC): 

             Step 1: Visit the URL of any of the affected versions.

             Step 2: Add “core-emli/Storage” to the end of the affected URL.

             Step 3: The resulting URL lets us traverse the /Storage directory of the web server; as a proof of concept (POC), it lets us view the restricted, sensitive files stored there.
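
To check whether a deployment received such requests, the following script (an added example, not part of the original advisory or of eMLi's code) scans access-log lines for requests that resolve into core-emli/Storage after URL decoding and path normalization, and marks those the server answered with a 2xx status. The combined log format, the sample lines and the file names in them are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Directory named in this advisory, compared in lower case.
PROTECTED = "/core-emli/storage"

# Assumed log format: Apache/nginx "combined" access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target: str) -> str:
    """Canonicalize a request target roughly the way a web server resolves it."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # bounded re-decoding catches double encoding (%252e)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    # normpath collapses "//" and "/./" and resolves "/../" segments.
    # Lower-casing also covers case-insensitive file systems.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def classify(line: str):
    """Return (ip, path, verdict) for a request into PROTECTED, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize(m["target"])
    if path != PROTECTED and not path.startswith(PROTECTED + "/"):
        return None
    # A 2xx answer means the server actually served the directory or file.
    verdict = "EXPOSED" if m["status"].startswith("2") else "blocked"
    return m["ip"], path, verdict

def scan(lines):
    """Return the hits for all lines that touch the protected directory."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IPs, made-up file names).
SAMPLE = [
    '203.0.113.5 - - [29/Mar/2017:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [29/Mar/2017:10:00:02 +0000] "GET /core-emli/Storage/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [29/Mar/2017:10:00:03 +0000] "GET /assets/%2e%2e/core-emli//Storage/app.log HTTP/1.1" 403 199',
    '192.0.2.44 - - [29/Mar/2017:10:00:04 +0000] "GET /CORE-EMLI/Storage/config.bak?dl=1 HTTP/1.1" 200 901',
    '192.0.2.44 - - [29/Mar/2017:10:00:05 +0000] "GET /core-emli/StorageBackup/ HTTP/1.1" 200 77',
]
```

Any line reported as EXPOSED means the directory was served to the client and its contents should be treated as disclosed.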

       Timeline :

  •        23/03/2017 - Found Vulnerability
  •       **24/03/2017 - CVE-2017-7258 Assigned
  •       24/03/2017 - Reported to Developer
  •       28/03/2017 - Developer Released a Patch 
  •       29/03/2017 - Disclosed in Public
       Notes :
  • **The Common Vulnerabilities and Exposures (CVE) project has assigned the ID CVE-2017-7258 to this issue. This is an entry on the CVE List, which standardizes names for security problems.
  • CVE ID: CVE-2017-7258
  • In case of any doubts please contact me on unqdrms [at] gmail [dot] com
