Created December 12, 2022 08:05
CVE-2022-45269
### Description
A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files.
### Additional Information
The affected product runs on a Windows server with IIS 10.0; therefore, only arbitrary Windows files can be read.
### Vulnerability Type
Directory Traversal
### Vendor of Product
Linx Sphere
### Affected Product Code Base
LINX 7.35.ST15 - Versions affected: < LINX 7.35.ST15
### Affected Component
Web service SCS.Web.Server.SPI/1.0 on port 3000
### Attack Type
Remote
### Impact Information Disclosure
True
### Attack Vectors
Exploiting the vulnerability only requires a remote attacker to send the following payload, followed by the file they want to access: `/.../.../.../.../.../.../.../.../.../.../.../.../.../.../.../.../`. Example: `http://192.168.1.10:3000/../../../../../../../../../../../../windows/iis.log`
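
Requests of this shape can be found in the service's access logs by normalising each request path and checking whether it climbs above the web root. The Python sketch below is an added example, not part of the original advisory or of the vendor's code; the log line layout, the function names, and the choice to treat any run of two or more dots as a climbing segment are assumptions.

```python
import re
from urllib.parse import unquote

# ".." and the "..." form written in the advisory's payload (assumption: any
# segment made only of two or more dots is treated as "go up one level").
DOT_RUN = re.compile(r"^\.{2,}$")

def decode_fully(target: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding until the string stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def escapes_web_root(target: str) -> bool:
    """True if the request path climbs above the web root at any point."""
    path = target.split("?", 1)[0]                 # ignore the query string
    path = decode_fully(path).replace("\\", "/")   # Windows accepts both separators
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if DOT_RUN.match(segment):
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False

def flag_requests(log_lines):
    """Return (client, target) for every log line whose target escapes the root."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) == 5 and escapes_web_root(fields[3]):
            hits.append((fields[1], fields[3]))
    return hits

# Constructed sample lines (hypothetical layout): timestamp client method target status
SAMPLE_LOG = [
    "2022-12-12T08:05:01Z 10.0.0.5 GET /index.html 200",
    "2022-12-12T08:05:02Z 10.0.0.9 GET /../../../../windows/iis.log 200",
    "2022-12-12T08:05:03Z 10.0.0.9 GET /.../.../windows/iis.log 200",
    "2022-12-12T08:05:04Z 10.0.0.9 GET /..%5c..%5cwindows%5ciis.log 200",
    "2022-12-12T08:05:05Z 10.0.0.7 GET /docs/../index.html 200",
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

A path such as `/docs/../index.html` is not flagged because it never leaves the root; only requests whose depth goes negative are reported.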