CMS Directory traversal Vulnerability

Posted on 30 November -0001
<HTML><HEAD><TITLE>å¸ˆè¯´CMS Directory traversal Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title : Directory traversal Vulnerability in å¸ˆè¯´CMS 
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor : https://github.com/northyoung/cms
|[+]
|[+] Tested on:  Kali Linux 
|[+]
|[+] Date: 12 /29 / 2016
|=============================================================|
|[+] Vuln Path : http://127.0.0.1/cms-master/cms/src/main/webapp/upload/../WEB-INF/web.xml?
|[+] Method :GET
|=============================================================|
|[+] Vulnerability description
|==============================|
|[+] This script is possibly vulnerable to directory traversal attacks.
|[+] Directory Traversal is a vulnerability which allows attackers to access restricted 
|[+] directories and execute commands outside of the web server's root directory.
|[+] This vulnerability affects /cms-master/cms/src/main/webapp/upload. 
|[+] Discovered by: Scripting (Server_Directory_Traversal.script). 
|[+] Attack details
|[+] This file was found using the pattern ${dirName}/../WEB-INF/web.xml?.
|[+] Original directory: /cms-master/cms/src/main/webapp/upload
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|  </BODY></HTML>
TOP
Malware :

Last 20
Exploits :

Last 20