http://parse.com directory traversal vulnerability |
Little Insight:
http://parse.com was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem, or to run commands on that server.
Well, this is my 4th reward from Facebook, for a Directory Traversal or RCE vulnerability.
That gives me 5th position on the Facebook white-hat page.
Report Date: 23 July 2014
Reward For Directory Traversal or RCE Vulnerability :
How does this work?
As we discussed earlier in my old post, the Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Rack::Protection only rejects '/../' segments in the request path. The patch applied for Rack::Protection according to CVE-2014-0130 now also rejects '%5C', which turns into '\' after decoding. Now my work ....
My Finding
In the above summary (CVE-2014-0130), it rejects '/../' segments in the request path, and the path is also sanitized to filter out malicious characters like "..%5c". Now I try to bypass the filter with "\../" or "\..%2f" segments in the request path. I will disclose more details in my next post on the Ruby on Rails Rack::Protection bypass, which affects old versions.
The patched versions you can use are 4.1.1, 4.0.5, 3.2.18.
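To show why a check for literal '/../' misses the "\..%2f" form, here is an added example (not code from this post, from Rails or from Rack::Protection) that compares such a check with one that canonicalizes the path before testing containment. `VIEW_ROOT` and the function names are hypothetical, and the sample paths other than the post's own PoC are constructed.

```ruby
require "uri"
require "pathname"

# Hypothetical view root for this example (not a path from the post).
VIEW_ROOT = Pathname.new("/srv/app/views")

# The request path from the post's Gemfile PoC, host removed.
POC_PATH = '/about/\..%2f\..%2f\..%2fGemfile'

# Weak filter as the post describes it: decode once, reject literal "/../".
def naive_reject?(raw_path)
  URI.decode_www_form_component(raw_path).include?("/../")
end

# Decode until the value stops changing; nil if it never settles or is malformed.
def fully_decode(raw_path, max_rounds = 3)
  current = raw_path
  max_rounds.times do
    decoded = URI.decode_www_form_component(current)
    return current if decoded == current
    current = decoded
  end
  nil
rescue ArgumentError
  nil
end

# Hardened check: canonicalize first, then require the result to stay under root.
def safe_view_path(raw_path, root = VIEW_ROOT)
  decoded = fully_decode(raw_path)
  return nil if decoded.nil? || decoded.include?("\0")
  relative = decoded.tr("\\", "/").sub(%r{\A/+}, "")
  resolved = root.join(relative).cleanpath # lexical only, no filesystem access
  inside = resolved == root || resolved.to_s.start_with?("#{root}/")
  inside ? resolved : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs alongside the post's PoC path.
  [POC_PATH, "/about/team", "/about/../../Gemfile"].each do |p|
    puts format("%-40s naive_reject=%-5s safe=%s", p, naive_reject?(p), safe_view_path(p).inspect)
  end
end
```

The containment test on the resolved path is what rejects the request; it does not depend on listing every separator or encoding variant in advance.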
Now, coming back to Parse.com (a Facebook acquisition), here is the proof of concept that I included with the LFI/RCE bug. It displayed the contents of /etc/passwd or /Gemfile of the http://parse.com server.
More than 5 pages on parse.com were vulnerable to the same vector.
One of them:
Poc Url : https://parse.com/about/\..%2f\..%2f\..%2fGemfile
After some time, I found how to convert a Ruby on Rails LFI into remote code execution or a shell.
Thanks to Jeff Jarmoc for the great article on remote code execution or shell that made RCE on parse.com possible.
POC URL : https://parse.com/about/\..%2f\..%2f\..%2fproduction .log?codetoexec=?
More about :
The vulnerability mentioned here has been confirmed & fixed by Facebook Team.