header-logo
Suggest Exploit
vendor:
MaDDash
by:
ManhNho
5.3
CVSS
MEDIUM
Directory Listing
590
CWE
Product Name: MaDDash
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: YES
Related CWE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525
CPE: 2.3:a:perfsonar:maddash:2.0.2
Metasploit: N/A
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=42106https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/smb/impacket/dcomexechttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/smb/impacket/wmiexechttps://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/teradata/teradata_odbc_loginhttps://www.infosecmatter.com/nessus-plugin-library/?id=131599
Platforms Tested: Windows 7
2018

MaDDash 2.0.2 – Directory Listing

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.

Mitigation:

Disable directory listing on the web server, or restrict access to the directory listing page.
Source

Exploit-DB raw data:

# Exploit Title: MaDDash 2.0.2 - Directory Listing
# Date: 2018-06-18
# Vendor: perfSONAR
# Download Link: https://github.com/esnet/maddash/archive/master.zip
# Version: 2.0.2
# Exploit Author: ManhNho
# CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525
# Category: Webapps
# Tested on: Windows 7

--- Description ---
A directory listing is inappropriately exposed, yielding potentially
sensitive information to attackers.
A directory listing provides an attacker with the complete index of all the
resources located inside of the directory.
The specific risks and consequences vary depending on which files are
listed and accessible.

---Affected items---
http://127.0.0.1/maddash-webui/etc/
http://127.0.0.1/maddash-webui/lib/
http://127.0.0.1/maddash-webui/images/
http://127.0.0.1/maddash-webui/style/

---References---
https://pastebin.com/eA5tGKf0

Navigation

Suggest Exploit

Services By CQR