Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Add Total.js Directory Traversal module #11547
This module check and exploits a Directory Traversal vulnerability in Total.js framework < 3.2.4 (CVE-2019-8903). Here is a list of accepted extensions: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml, woff, woff2, otf, ttf, eot, svg, zip, rar, pdf, docx, xlsx, doc, xls, html, htm, appcache, manifest, map, ogv, ogg, mp4, mp3, webp, webm, swf, package, json, md, m4v, jsx, heif, heic.
This module has been tested successfully on Total.js framework 3.1.0, 3.2.0 and 3.2.2
List the steps needed to make sure this thing works
In order to set-up a vulnerable site, please refer to https://fabiocogno.github.io/metasploit-modules/totaljs-directory-traversal-try-this-at-home.html
This is very strange ... for convenience I am using docker to quickly have different environments so I have verified that I have not made mistakes of some kind in creating the image. I attach a screenshot of my latest test.
Can you share your test?