Represents a Directory Traversal vulnerability
It allows traversing the Ffay directory in lanproxy and reading configuration files.
Interestingly, the vulnerability was discovered on January 4-5, 2021 and was assigned a medium severity class.
At the moment, the hazard class has been increased. After all, where confidential data can be read, hijacking of the server is possible.
All information is provided solely for information and study of security issues. The use of the material in question for illegal purposes is strictly prohibited.
In my testing, I settled on two exploits. We'll look at how both options work. The first one was published today by the author Negan.
Exploit 1
# git clone https://github.com/liuxu54898/CVE-2021-3019.git
# python3 CVE-2021-3019.py url.txt - working with a target list
Another exploit, which also performs well, is from FanqXu.
Exploit 2
# git clone https://github.com/FanqXu/CVE-2021-3019.git
# python3 POC.py -u http://127.0.0.1:9100 -r /etc/shadow - reading files
# python3 POC.py -u http://127.0.0.1:9100 - read config file
# python3 POC.py -f urls.txt - work with a file with a target list of urls
Let's move on to demonstrating how exploits work and exploiting a vulnerability.
The only thing you need to know is which port the admin panel of the tested resource is listening on.
I also had to create a text file url.txt to work with exploits.
The exploit from Negan seemed to be somewhat convenient in displaying information.
You can see that almost all targets from the list were vulnerable.
Passwords with logins have been received. Please note that the passwords are found to be both invalid and complex.
Also, this information will be saved in a .csv file in the exploit directory.
Let's see how the FanqXu exploit works.
Let's try to read the file with passwords of the tested resource.
Not bad either: we get everything, along with a message that the target is vulnerable.
And at the end of testing, we will check whether this vulnerability really deserves an increased severity class.
With the received data, an attacker can log in, create clients, delete, change settings, etc.
The rights are often admin.
But we will not harm the resource and, like sane people, we will press the exit button in the right corner.
The whole danger of the identified vulnerability, I think, is understandable.
Protection: It is 0day at the moment.
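With no fix available, the practical defensive step is to look for traversal requests in the access logs of whatever sits in front of the admin panel. The following is an added example, not part of the original post or of either exploit repository; it assumes combined-format access logs, and the sample log lines, function names and addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not taken from the page.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Jan/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [05/Jan/2021:10:01:03 +0000] "GET /css/../img/logo.png HTTP/1.1" 200 2048
203.0.113.9 - - [05/Jan/2021:10:02:10 +0000] "GET /../../etc/shadow HTTP/1.1" 200 1320
203.0.113.9 - - [05/Jan/2021:10:02:11 +0000] "GET /%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 404 0
198.51.100.7 - - [05/Jan/2021:10:03:00 +0000] "POST /login HTTP/1.1" 200 64
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def escapes_root(target):
    """True if the request path climbs above the web root at any point."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def find_traversal(lines):
    """Return one record per request whose path escapes the web root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and escapes_root(m["target"]):
            # A 2xx status means content was returned: treat as likely disclosure.
            hits.append({"ip": m["ip"], "target": m["target"],
                         "served": m["status"].startswith("2")})
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG.splitlines()):
        print(hit)
```

Hits with `served` set are the ones to triage first: any credentials in the configuration the service could read should be rotated.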