Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22447
HistorySep 10, 2009 - 12:00 a.m.

[Advisory] ChartDirector Critical File Access

2009-09-1000:00:00
vulners.com
37
JSON

Hi,
Please find the following Advisory
http://www.dokfleed.net/duh/modules.php?name=News&file=article&sid=37
Regards
DokFLeed

Advisory No.: ISNSC-0910

ChartDirector Critical File Access

Information

Author: DokFLeed
Program Affected: http://www.chartdir.com for .NET
Version: 5.0.1
Severity: Critical.
Type of Advisory: Mid Disclosure.
Affected/Tested Versions: Random

Program Description

Widely used Chart Component on Financial & Stock Trading websites

Overview

The query variable "cacheId=" is not sanitized, it will can allow critical
files download

Proof Of Concept

?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/…/…/…/…/…/…/…/…/windows/win.ini

Solution/Fix

Upgrade to latest Chart Dir or apply the following patch (ChartDirector for
.NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip

Vendor Status

The problem you mentions affect ChartDirector for .NET.
The current version of ChartDirector for .NET on our web site (Ver 5.0.2)
already has this issue fixed. So this issue no longer occurs with the
current version of ChartDirector for .NET.
For people using earlier versions of ChartDirector, it is suggested they
upgrade to the latest version. They may also apply the following patch
(ChartDirector for .NET Ver 5.0.1 Patch 2):
http://www.advsofteng.com/netchartdir501p2.zip

Reference

http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48

JSON