CVE-2019-10265 - Path Traversal
Advisory
Upgrade to the latest version of Ahsay, currently 8.1.1.50 (https://www.ahsay.com/jsp/en/downloads/ahsay-downloads_latest-software_ahsaycbs.jsp)
Technical details
Path traversal: the following page can be used to browse the server on which AhsayCBS v8.1.0.50 is installed.
On the page https://172.16.238.213/cbs/system/ShowAdvanced.do (“File Explorer”) it is possible to change the directory in the JavaScript code. When this is changed to, let's say, C: we can browse the whole server.
Screenshot: changing the JavaScript to C:\\
Screenshot: if we now click the link “C:\Program Files\AhsayCBS” we are redirected to “C:”
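The root cause described above is a server that trusts a directory value supplied by the client (here edited in the page's JavaScript) instead of confining it to the directory the File Explorer is meant to expose. The following is an added example, not Ahsay's code, showing the server-side check that closes this class of bug: canonicalise the requested path and accept it only if it still lies under an allowed root. It uses Python's ntpath module for Windows path semantics because the advisory's screenshots show a Windows host; the root C:\Program Files\AhsayCBS is a constructed example value, not a path taken from Ahsay's configuration.

```python
import ntpath
from typing import Optional

# Constructed example root for the File Explorer; an assumption, not Ahsay's setting.
ALLOWED_ROOT = r"C:\Program Files\AhsayCBS"


def resolve_within_root(requested: str, root: str = ALLOWED_ROOT) -> Optional[str]:
    """Return the canonical path for `requested` if it stays under `root`,
    otherwise None.

    The check is done on the canonicalised result of the join, not on the raw
    input, so it covers absolute paths (C:\\), rooted paths (\\Windows),
    parent traversal (..\\..\\Windows), forward slashes and mixed case.
    """
    root_norm = ntpath.normpath(root)
    # ntpath.join discards `root` entirely when `requested` is absolute or rooted,
    # which is exactly how "C:\" in the advisory escapes the install directory.
    candidate = ntpath.normpath(ntpath.join(root_norm, requested))
    try:
        # commonpath compares whole components (so ..\AhsayCBSX is not inside
        # AhsayCBS) and lowercases for comparison, returning the prefix in the
        # case of its first argument, which is why `root_norm` goes first.
        common = ntpath.commonpath([root_norm, candidate])
    except ValueError:
        # Different drive letters (D:\data) or absolute mixed with relative:
        # the candidate cannot be inside the root.
        return None
    if common != root_norm:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs modelled on the advisory: the first two are what
    # a legitimate File Explorer would send, the rest are escape attempts.
    samples = ["logs", r"logs/../conf", "C:\\", r"..\..\Windows",
               "\\Windows", r"D:\data", r"c:\program files\ahsaycbs\logs"]
    for s in samples:
        resolved = resolve_within_root(s)
        verdict = "allow" if resolved else "reject"
        print(f"{verdict:6} {s!r} -> {resolved!r}")
```

Rejected requests are worth logging with the raw client value, since a directory parameter that resolves outside the configured root is a reliable indicator of someone probing for this issue.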