CVE-2015-2071

eTouch SamePage Enterprise Edition 4.4.0.0.239 - Authenticated Path Traversal via filepath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2071. PoCs published by Brandon Perry.

AI-analyzed exploit summary The exploit demonstrates a time-based SQL injection in the `catId` parameter of the `/cm/blogrss/feed` servlet and an authenticated arbitrary file read via `/cm/newui/blog/export.jsp`. SQL injection allows blind extraction of database information, while the file read vulnerability exposes sensitive configuration files containing database credentials.

Description

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.

Exploits (1)

exploitdb WORKING POC

by Brandon Perry · textwebappsphp

https://www.exploit-db.com/exploits/36089

View Code ZIP pw:eip

The exploit demonstrates a time-based SQL injection in the `catId` parameter of the `/cm/blogrss/feed` servlet and an authenticated arbitrary file read via `/cm/newui/blog/export.jsp`. SQL injection allows blind extraction of database information, while the file read vulnerability exposes sensitive configuration files containing database credentials.

Classification

Working Poc | Writeup 95%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: eTouch SamePage v4.4.0.0.239

No auth needed

Prerequisites: Network access to the target application · For file read: valid user credentials (easily obtainable via self-registration)

MITRE ATT&CK