If you are using the ASP.NET AJAX Control Toolkit, you'll want to make sure it's updated to the latest version as it patches a critical security vulnerability.
The "Directory Traversal" vulnerability affects ASP.NET AJAX Control Toolkit versions prior to v15.1.x.
The vulnerability existed prior to DevExpress taking over the ASP.NET AJAX Control Toolkit. DevExpress has patched this vulnerability with our first release of the ASP.NET AJAX Control Toolkit v15.1.
Details
Brian Cardinale, Principal Application Security Consultant, notified us of the vulnerability last year (thanks Brian!). To help you understand the vulnerability, I'll use Brian's excellent description:
There is a File Write Directory Traversal issue inside the AjaxControlToolkit “AjaxFileUpload” control. When uploading a file using this control, the framework should write the file to the environments “temp” directory. The framework is not validating the “fileid” parameter from being modified. This parameter is later used in the creation of the path in the “temp” directory. This parameter can be modified to write to any location on the disk, as long as file system permissions allows. This exploit can lead to Remote Code Execution if an attacker is able to upload an .aspx file into the web directory. - Brian Cardinale
To learn more, check out Brian's blog post on this issue.
Update to v15.1.x (or higher)
To patch this vulnerability, upgrade your ASP.NET AJAX Control Toolkit version to the latest versions. You can download our useful installer here:
Or use the Nuget libraries:
ASP.NET AJAX Control Toolkit Nuget package
Related posts: