Lucene search
Steph Jensen1337DAY-ID-33094HistoryAug 09, 2019 - 12:00 a.m.
Aptana Jaxer 1.0.3.4547 - Local File inclusion Vulnerability
2019-08-0900:00:00
Steph Jensen
0day.today
16
EPSS
0.023
Percentile
89.8%
Exploit for multiple platform in category web applications
# Exploit Title: Aptana Jaxer Remote Local File inclusion
# Exploit Author: Steph Jensen
# Vendor Homepage:
[http://www.jaxer.org](http://www.jaxer.org/category/uncategorized/)
# Version: 1.0.3.4547
# Tested on: Linux
# CVE : CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via tools/sourceViewer/index.html?filename=../ URI.
To exploit this vulnerability an attacker must have access to the Aptana Jaxer web application. The Samples and Tools page will have the wikilite demo. After opening the wikilite demo the source code can be viewed by clicking the html button and selecting "Wikilite source code". This leads to http://server:8081/aptana/tools/sourceViewer/index.html?filename=../../samples/wikilite/index.html. by using directory traversal in the filename parameter a remote attacker can access internal files on the server.
PoC: http://server:8081/aptana/tools/sourceViewer/index.html?filename=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
# 0day.today [2019-12-04] #Related
prion
prion
Code injection
2019-08-09 13:15:00
nvd
nvd
CVE-2019-14312
2019-08-09 13:15:11
exploitdb
exploitdb
Aptana Jaxer 1.0.3.4547 - Local File inclusion
2019-08-08 00:00:00
packetstorm
packetstorm
Aptana Jaxer 1.0.3.4547 Local File Inclusion
2019-08-08 00:00:00
cve
cve
CVE-2019-14312
2019-08-09 13:15:11
exploitpack
exploitpack
Aptana Jaxer 1.0.3.4547 - Local File inclusion
2019-08-08 00:00:00
nuclei
nuclei
Aptana Jaxer 1.0.3.4547 - Local File inclusion
2021-07-28 02:04:19
cvelist
cvelist
CVE-2019-14312
2019-08-09 12:31:53