module
A10 Networks AX Loadbalancer Directory Traversal
| Disclosed | Created |
|---|---|
| Jan 28, 2014 | May 30, 2018 |
Disclosed
Jan 28, 2014
Created
May 30, 2018
Description
This module exploits a directory traversal flaw found in A10 Networks
(Soft) AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When
handling a file download request, the xml/downloads class fails to
properly check the 'filename' parameter, which can be abused to read
any file outside the virtual directory. Important files include SSL
certificates. This module works on both the hardware devices and the
Virtual Machine appliances. IMPORTANT NOTE: This module will also delete the
file on the device after downloading it. Because of this, the CONFIRM_DELETE
option must be set to 'true' either manually or by script.
(Soft) AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When
handling a file download request, the xml/downloads class fails to
properly check the 'filename' parameter, which can be abused to read
any file outside the virtual directory. Important files include SSL
certificates. This module works on both the hardware devices and the
Virtual Machine appliances. IMPORTANT NOTE: This module will also delete the
file on the device after downloading it. Because of this, the CONFIRM_DELETE
option must be set to 'true' either manually or by script.
Author
xistence
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.