Path Traversal vulnerability in Cab Booking Script (PHP-Script-Mall): [CVE-2019-9064]

Vulnerability Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
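The containment check that the description says is missing, shown as an added example in PHP (the script's language); it is not from the original post or the vendor's code. The function name `resolve_upload` and the temporary directory tree are assumptions constructed for illustration.

```php
<?php
// Hypothetical helper (added example, not the vendor's code): resolve a
// user-supplied name under $baseDir and reject anything that escapes it
// or that is a directory rather than a regular file.
function resolve_upload(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if the target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Compare against base plus separator so "uploads_old" cannot match "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Serve regular files only, so a bare directory is never enumerated.
    return is_file($target) ? $target : null;
}

// Constructed sample tree in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cab_demo_' . uniqid();
mkdir($root . '/uploads/category', 0700, true);
mkdir($root . '/uploads_old', 0700, true);
file_put_contents($root . '/uploads/category/car.jpg', 'img');
file_put_contents($root . '/uploads_old/backup.sql', 'x');
file_put_contents($root . '/config.php', 'secret');

// Constructed inputs: true means the file should be served.
$cases = [
    'category/car.jpg'          => true,
    '../config.php'             => false,
    'category/../../config.php' => false,
    '../uploads_old/backup.sql' => false,
    'category/'                 => false,
    'category/missing.jpg'      => false,
];
foreach ($cases as $input => $expected) {
    $allowed = resolve_upload($root . '/uploads', $input) !== null;
    printf("%-28s %s\n", $input, $allowed ? 'served' : 'rejected');
    if ($allowed !== $expected) {
        throw new RuntimeException("unexpected result for $input");
    }
}
```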





How to Exploit:



1. Go to the site (http://74.124.215.220/~config/demo/cab_booking/)




2. Open Burp Suite, then intercept and spider the data.




3. Now use the Burp search option and search for jpg or png.




4. Now pick any link and select "Show response in browser".




5. Then delete the last part of the URL [after the last forward slash] (http://74.124.215.220/~config/demo/cab_booking/uploads/category/)




6. You will get a list of all the files (directory listing).
