Lucene search
Steph JensenEXPLOITPACK:1612731D8D17E5221907ECBF3964F455HistoryAug 08, 2019 - 12:00 a.m.
Aptana Jaxer 1.0.3.4547 - Local File inclusion
2019-08-0800:00:00
Steph Jensen
7
0.025 Low
EPSS
Percentile
90.1%
Aptana Jaxer 1.0.3.4547 - Local File inclusion
# Exploit Title: Aptana Jaxer Remote Local File inclusion
# Date: 8/8/2019
# Exploit Author: Steph Jensen
# Vendor Homepage:
[http://www.jaxer.org](http://www.jaxer.org/category/uncategorized/)
# Version: 1.0.3.4547
# Tested on: Linux
# CVE : CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via tools/sourceViewer/index.html?filename=../ URI.
To exploit this vulnerability an attacker must have access to the Aptana Jaxer web application. The Samples and Tools page will have the wikilite demo. After opening the wikilite demo the source code can be viewed by clicking the html button and selecting "Wikilite source code". This leads to http://server:8081/aptana/tools/sourceViewer/index.html?filename=../../samples/wikilite/index.html. by using directory traversal in the filename parameter a remote attacker can access internal files on the server.
PoC: http://server:8081/aptana/tools/sourceViewer/index.html?filename=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswdRelated
prion
prion
Code injection
2019-08-09 13:15:00
nvd
nvd
CVE-2019-14312
2019-08-09 13:15:11
cve
cve
CVE-2019-14312
2019-08-09 13:15:11
zdt
zdt
Aptana Jaxer 1.0.3.4547 - Local File inclusion Vulnerability
2019-08-09 00:00:00
cvelist
cvelist
CVE-2019-14312
2019-08-09 12:31:53
packetstorm
packetstorm
Aptana Jaxer 1.0.3.4547 Local File Inclusion
2019-08-08 00:00:00
nuclei
nuclei
Aptana Jaxer 1.0.3.4547 - Local File inclusion
2021-07-28 02:04:19
exploitdb
exploitdb
Aptana Jaxer 1.0.3.4547 - Local File inclusion
2019-08-08 00:00:00