| Titel | sourcecodester Employee and visitor pass logging system v1.0 Directory traversal |
|---|
| Beschreibung | The employee and visitor pass login system 1.0 has an unrestricted directory traversal attack, the attack method is /employee_gatepass/database/ /employee_gatepass/dist/ /employee_gatepass/libs/ /employee_gatepass/uploads/. Accessing the following route will allow unrestricted access to any file in the directory and can directly download it, thereby obtaining sensitive information from the server. |
|---|
| Quelle | ⚠️ https://github.com/happytraveller-alone/cve/blob/main/dir.md |
|---|
| Benutzer | happytraveller (UID 82753) |
|---|
| Einreichung | 13.03.2025 13:02 (vor 1 Jahr) |
|---|
| Moderieren | 22.03.2025 09:10 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 300667 [SourceCodester Employee and Visitor Gate Pass Logging System 1.0 Information Disclosure] |
|---|
| Punkte | 20 |
|---|