Related vulnerability
Description
Jquery File Tree 1.6.6 Path Traversal exploit (CVE-2017-1000170)
Introduction
# Jquery-File-Tree-1.6.6-Path-Traversal
Jquery File Tree 1.6.6 Path Traversal exploit (CVE-2017-1000170)
With its default settings, the jQueryFileTree <1.6.6 plugin for WordPress fails to parse the user data, causing a path traversal vulnerability.
This allows an attacker to list the filenames in every readable folder on the web server.
Combined with a local file inclusion or local file disclosure attack, this can lead to the download of any readable file on the server.
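
A defensive counterpart to the flaw described above, as an added example that is not code from the plugin or from this repository: a directory-listing connector should canonicalize the client-supplied directory and refuse anything that resolves outside one configured root. The function name `resolve_listing_dir`, the demo tree and the sample requests are constructed for illustration, and the assumption is that the connector receives the directory as a string from the client.

```php
<?php
// Added example: names and paths here are hypothetical, not the plugin's code.

/**
 * Resolve a client-supplied directory against $root.
 * Returns the canonical path, or null when it does not stay inside $root.
 */
function resolve_listing_dir(string $root, string $requested): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($requested, "\0") !== false) {
        return null; // unusable root, or NUL byte in the request
    }
    // Treat the client value as relative to the root, never as absolute.
    $relative  = ltrim($requested, '/\\');
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $relative);
    if ($candidate === false || !is_dir($candidate)) {
        return null; // path does not exist or is not a directory
    }
    // realpath() has resolved ".." and symlinks, so a prefix check is sound.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = $candidate === $rootReal
        || strncmp($candidate . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0;
    return $inside ? $candidate : null;
}

// Constructed demo tree: <tmp>/filetree_demo_<pid>/uploads/img
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'filetree_demo_' . getmypid();
mkdir($root . '/uploads/img', 0700, true);

// Constructed sample requests: three inside the root, three that must be refused.
$samples = ['uploads/', '/uploads/img/', '/', '../', 'uploads/../../', '/etc/'];
foreach ($samples as $dir) {
    $resolved = resolve_listing_dir($root, $dir);
    printf("%-16s => %s\n", $dir, $resolved === null ? 'rejected' : 'allowed');
}

// Remove the demo tree.
rmdir($root . '/uploads/img');
rmdir($root . '/uploads');
rmdir($root);
```

The prefix comparison is only reliable because it runs on the output of `realpath()`; comparing the raw request string against the root would miss `..` segments and symlinks.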
# Usage
`$ xpl_jqueryFileTree.php -u url [-f extensions/filenames] [-p path] [-r] [-h] [-a]`
Legend:
```
-h, --help: Show this message
-u, --url: URL of target
-a, --random-agent: Use random user agents
-f, --filter: Name of files or extensions to search for (separated by comma)
-p, --path: The full path from which the filenames will be read (default: /)
-r, --recursive: Generates the tree recursivelly (be careful)
e.g.: xpl_jqueryFileTree.php -u victim.com -f .zip,.sql -p /var/www/html/backup/admin/ -r
|
\-> This will search for all .zip and .sql files inside victim.com/backup/admin and its subpaths
(You must provide the dot to indicate it's an extension)
xpl_jqueryFileTree.php -u victim.com -f .log,id_rsa -a -r
|
\-> This will search for all files named "id_rsa" or having the extension
".log" within all folders of the server, with random user-agents
Tip: use "php ..... | tee output" to save the result to an output file
```

File snapshot
[4.0K] /data/pocs/312ea0c4ee5a589e3cfe9707595fd09c5261384b
├── [1.5K] README.md
└── [ 15K] xpl_jqueryFileTree.php
0 directories, 2 files