[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Thomson Reuters FATCA - Local File Inclusion
From: Etnies <kuba25101990 () gmail ! com>
Date: 2015-08-10 19:56:20
Message-ID: CAM8W6xxNmW0FfhNzAPERmLJ7eEEM4fjT=580Jix+TaRhUc=byA () mail ! gmail ! com
[Download RAW message or body]
Title: Thomson Reuters FATCA - Local File Inclusion
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5952
Affected software:
==================
All versions of Thomson Reuters FATCA below v5.2
Exploit was tested on:
======================
Thomson Reuters FATCA v5.1.0.30
Description:
============
The Thomson Reuters for FATCA solution enables organizations to comply with
the key requirements of both CRS and FATCA.[1]
Vulnerabilities:
****************
Local File Inclusion:
============================================
Application's parameter "item" is vulnerable to Local File Inclusion, which
makes it possible to include application/system files.
Using this vulnerability FATCA users can for example include uploaded PHP
files (upload directory can be retrieved from the application's error
message) and execute system commands.
References:
===========
[1] Overview:
https://risk.thomsonreuters.com/products/thomson-reuters-fatca
Contact:
========
Jakub[dot]Palaczynski[at]ingservicespolska[dot]pl
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic