WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

对路径名的限制不恰当(路径遍历)

WhiteHSBG JNDIExploit 路径遍历漏洞

WhiteHSBG JNDIExploit是一款用于 JNDI注入 利用的工具，大量参考/引用了 Rogue JNDI 项目的代码，支持直接植入内存shell，并集成了常见的bypass 高版本JDK的方式，适用于与自动化工具配合使用。 WhiteHSBG JNDIExploit 1.4版本存在路径遍历漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。

N/A

N/A