Problem POC for directory traversal in Spring framework [HELP]

[man474019]

Hi friends

can you advice any POC for directory traversal in Spring framework
bug like
/portal/resources/js/%01jquery-1.9.1.min.js
/portal/resources/js/%01jquery-migrate-1.2.1.min.js
but i don't know how to exploit it then

Thanks

 

[z3r0c10wn]

Hi friends

can you advice any POC for directory traversal in Spring framework
bug like
/portal/resources/js/%01jquery-1.9.1.min.js
/portal/resources/js/%01jquery-migrate-1.2.1.min.js
but i don't know how to exploit it then

Thanks

Hey, and welcome. Are you understand what the type of vulnerability is Directory traversal. For exploiting this you just need to go on Web Page, and you will see directories like in ftp Mode. This is low severity of vulns and type - information disclosure. Fix is configuration of Web engine. This can be realy problem if on this Page acceced put http methods.

 

[man474019]

i know what is directory traversal
but i want POC for directory traversal in Spring framework
CVE-2018-1271

 

[z3r0c10wn]

Ссылка скрыта от гостей

Ссылка скрыта от гостей

 

[man474019]

bro thanks but when i check with burp
portal/resources/static/..%5c/..%5c/windows/win.ini
it responses me http code 400 bad request
what can u advice ? i also tested /..%255c../ but same http 400