AeroCMS v0.0.1 was discovered to contain a Directory traversal vulnerability. The vulnerability is due to the failure to normalize the url. This vulnerability allows an attacker to read arbitrary files in the root directory of a website.
Reproduct
Access any interfaces of Folder Path,For example, "/includes, /images, /js, /fonts, css, /admin and /admin/*"
Within Burpsuite, concat multiple "../" in url,that can access any file in the server root directory, include configuration files or other website files
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
1 participant
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.
AeroCMS v0.0.1 was discovered to contain a Directory traversal vulnerability. The vulnerability is due to the failure to normalize the url. This vulnerability allows an attacker to read arbitrary files in the root directory of a website.
The text was updated successfully, but these errors were encountered: