Shenzhen Ruiming Technology Streamax Crocus Path Traversal Vulnerability in Download Function
Vulnerability
A path traversal vulnerability has been identified in the Streamax Crocus version 1.3.40, developed by Shenzhen Ruiming Technology. The issue arises in the 'Download' function of the 'Service.do' file, where manipulation of the 'Path' parameter allows for unauthorized access to files outside of the intended directory. This vulnerability can be exploited remotely, potentially leading to the disclosure of sensitive information such as database configuration files.
Impact
Exploitation of this vulnerability allows for arbitrary file download, which could be used to access sensitive information from the server, such as configuration files or application data.
Reproduction
To reproduce this vulnerability, send a POST request to 'Service.do' with the 'Action' parameter set to 'Download'. Include a crafted 'Path' parameter that traverses directories to access sensitive files, such as 'C:/windows/win.ini'. The request must also include a valid 'Saffron.U' cookie to bypass authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.