Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
NVD-logo
Perl-exploit
http-Directory-Traversal-simulator
README.md

README.md

CVE-2019-6500 Detail finder


Current Description In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

Link:

https://nvd.nist.gov/vuln/detail/CVE-2019-6500#vulnCurrentDescriptionTitle

  • Details:
So you can modify the code exactly what you want it, to check for directory structure vulnerability!
Then you can attack the server or someone's machine of someone victim.
  • For example: /../../../etc/password or another rexp /../../../etc/group

Info and explanation by OWASP

https://owasp.org/www-community/attacks/Path_Traversal

  • wiki:

https://en.wikipedia.org/wiki/Directory_traversal_attack

Usage

perl eedjiento.pl
  • Follow the instruction: BR
You can’t perform that action at this time.