-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
limesurvey dir traversals #13215
limesurvey dir traversals #13215
Conversation
No need to add an email, thanks. Michael's github is @mburkey6 |
@mburkey6 if you want an email added, just put it here and i'll add it! |
You do not need to add an email for me either. Thanks for asking though!
…On Wed, Apr 8, 2020, 3:33 PM h00die ***@***.***> wrote:
@mburkey6 <https://github.com/mburkey6> if you want an email added, just
put it here and i'll add it!
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#13215 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AMNE3VF2MHM2QUP24J75FE3RLTGQZANCNFSM4MEEZSIQ>
.
|
documentation/modules/auxiliary/scanner/http/limesurvey_zip_traversals.md
Outdated
Show resolved
Hide resolved
Thanks, @h00die! I went ahead and tested against versions Test output:
|
Release NotesA new auxiliary module , |
Thanks @space-r7 |
This PR adds 2 directory traversals for LimeSurvey.
The two CVEs I found were very similar, and most of the login/generic stuff overlapped, so I just put it in one module. This gives coverage back to at least Sep 25, 2017. The one
@mattaberegg credits for the newer CVE (do you want an email added, and do you know Michael Burkey's github?)
This module has been verified against the following versions:
Verification
msfconsole
use auxiliary/scanner/http/limesurvey_zip_traversals
run