Problem POC for directory traversal in Spring framework [HELP]

M

man474019

Member
27.06.2018
12
1
Hi friends

can you advice any POC for directory traversal in Spring framework
bug like
/portal/resources/js/%01jquery-1.9.1.min.js
/portal/resources/js/%01jquery-migrate-1.2.1.min.js
but i don't know how to exploit it then

Thanks
 
z3r0c10wn

z3r0c10wn

Grey Team
04.09.2017
139
276
Hi friends

can you advice any POC for directory traversal in Spring framework
bug like
/portal/resources/js/%01jquery-1.9.1.min.js
/portal/resources/js/%01jquery-migrate-1.2.1.min.js
but i don't know how to exploit it then

Thanks
Hey, and welcome. Are you understand what the type of vulnerability is Directory traversal. For exploiting this you just need to go on Web Page, and you will see directories like in ftp Mode. This is low severity of vulns and type - information disclosure. Fix is configuration of Web engine. This can be realy problem if on this Page acceced put http methods.
 
  • Нравится
Реакции: The Codeby
M

man474019

Member
27.06.2018
12
1
i know what is directory traversal
but i want POC for directory traversal in Spring framework
CVE-2018-1271
 
z3r0c10wn

z3r0c10wn

Grey Team
04.09.2017
139
276



 
M

man474019

Member
27.06.2018
12
1
bro thanks but when i check with burp
portal/resources/static/..%5c/..%5c/windows/win.ini
it responses me http code 400 bad request
what can u advice ? i also tested /..%255c../ but same http 400
 
Мы в соцсетях:  ТелеграмВконтактеДзенФейсбукТвиттерЮтуб