File Download Vulnerability in DEXT5Upload 2.7.1262310 by xcuter
The Best Web Vulnerability Scanner is Web Security Checker edited this page Dec 6, 2020
1. Summary
- DEXT5Upload is a web component that can transfer large files.
- DEXT5Upload 2.7.1262310 and earlier versions contain a vulnerability that could allow remote files to be downloaded.
- The download function in dext5handler.jsp does not sufficiently verify download paths, which allows files to be downloaded.
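
As a mitigation sketch for the path-verification gap described above, the following added example (not DEXT5Upload code and not from the original page) shows one way a download handler can confine a client-supplied path to a fixed download root. The class name, method name and sample directory layout are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added example: DownloadPathCheck, resolveDownload and the sample layout are
// hypothetical names, not part of DEXT5Upload.
public class DownloadPathCheck {

    /** Resolves a client-supplied path under baseDir, or throws if it escapes the root. */
    static Path resolveDownload(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty()) {
            throw new SecurityException("empty path");
        }
        Path base = baseDir.toRealPath();              // canonical root, symlinks resolved
        Path candidate;
        try {
            // Treat '\' as a separator too, so the check behaves the same on any OS.
            candidate = base.resolve(requested.replace('\\', '/')).normalize();
        } catch (InvalidPathException e) {             // e.g. embedded NUL character
            throw new SecurityException("malformed path");
        }
        if (!candidate.startsWith(base)) {             // lexical escape: ../ or absolute path
            throw new SecurityException("path leaves download root");
        }
        Path real = candidate.toRealPath();            // throws if missing; follows symlinks
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under download root");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: <tmp>/uploads/report.txt and <tmp>/secret.txt
        Path root = Files.createTempDirectory("dl-demo");
        Path uploads = Files.createDirectories(root.resolve("uploads"));
        Files.write(uploads.resolve("report.txt"), "ok".getBytes());
        Files.write(root.resolve("secret.txt"), "no".getBytes());

        String[] requests = { "report.txt", "sub/../report.txt", "../secret.txt",
                              "..\\secret.txt", root.resolve("secret.txt").toString() };
        for (String r : requests) {
            try {
                System.out.println("ALLOW " + r + " -> " + resolveDownload(uploads, r).getFileName());
            } catch (SecurityException | IOException e) {
                System.out.println("DENY  " + r + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check is done twice on purpose: once lexically after normalization, and once on the real path so that a symbolic link inside the download root cannot point outside it.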
2. Payloads
- dext5CMD --> downloadRequest
- fileVirtualPath --> as you know..
- fileOrgName --> (secret)
- and some...
3. Proof
4. How to find this vulnerability?
- The "Web Security Checker" automatically diagnoses vulnerabilities in web services. It can diagnose the following vulnerabilities: SQL Injection, XSS, LFI, RFI, SSRF, File Upload, File Download, XXE, Command Injection, File Management, Directory Listing, Source Code Disclosure, URL Redirection, Insecure SSL/TLS, Mixed Content, Information Disclosure, HTTP Request Smuggling, SSI Injection, Insufficient Authorization, Personal Information Exposure, and Specific Vulnerabilities (ShellShock, Dext5, CVEs, etc.).
5. Discoverer
- Minseob Lee(koredge), Bonggoo Kang(xcuter) in NAVER Cloud.
- Security Engineer
- Service : https://www.ncloud.com, https://www.naver.com

