Exploit Acme.Serve 1.7 - Arbitrary File Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20894
Проверка EDB
  1. Пройдено
Автор
ADNAN RAHMAN
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
cve-2001-0748
Дата публикации
2001-05-31
Код:
source: https://www.securityfocus.com/bid/2809/info

Acme.Serve is a free, open-source, embeddable webserver written in Java. It is small, is intended to provide minimal functionality, and is fully compatible with JavaServer.

Acme.Serve 1.7 comes with a webserver that listens on port 9090. This webserver allows clients to browse the filesystem. By default, this webserver is enabled and accessible by any remote host on the Internet.

If an attacker were to connect, they could view possibly sensitive information.


http://potentialvictim:9090//etc/shadow to view '/etc/shadow'.
 
Источник
www.exploit-db.com

Похожие темы