CVE-2019-14322 PoC — Pallets Werkzeug 路径遍历漏洞

Source

https://github.com/faisalfs10x/http-vuln-cve2019-14322.nse

Associated Vulnerability

Title:Pallets Werkzeug 路径遍历漏洞 (CVE-2019-14322)
Description:Pallets Werkzeug是一款WSGI Web应用程序库。 Pallets Werkzeug 0.15.5之前版本中存在安全漏洞，该漏洞源于SharedDataMiddleware错误处理了Windows路径名称中的驱动程序名（例如：C:）。攻击者可利用该漏洞访问任意文件。

Description

Nmap NSE script to detect CVE-2019-14322 of Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames

Readme

# http-vuln-cve2019-14322.nse

- Nmap NSE script to detect CVE-2019-14322 of Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames

# Description

- CVE-2019-14322 - A vulnerability was found in Pallets Werkzeug up to 0.15.4. It has been declared as critical. This vulnerability affects the function SharedDataMiddleware of the component Windows. 
- The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE definition for the vulnerability is CWE-22. 
- This script reads c:/windows/win.ini as a proof of concept.
- This vulnerability is running on (cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*)


# Clone and Install

- git clone https://github.com/faisalfs10x/http-vuln-cve2019-14322.nse
- cd http-vuln-cve2019-14322.nse/
- sudo cp http-vuln-cve2019-14322.nse /usr/share/nmap/scripts/

# Usage
-----


    $ nmap --script http-vuln-cve2019-14322.nse -p <port> <target>

    PORT    STATE SERVICE
    443/tcp open  https
    | http-vuln-cve2019-14322: 
    |   VULNERABLE:
    |   Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames
    |     State: VULNERABLE
    |     IDs:  CVE:CVE-2019-14322
    |       		
    |       A vulnerability was found in Pallets Werkzeug up to 0.15.4. It has been declared as critical. 
    |       This vulnerability affects the function SharedDataMiddleware of the component Windows. 
    |       The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE definition for the vulnerability is CWE-22.
    |       This script reads c:/windows/win.ini as a proof of concept.
    |       This vulnerability is running on (cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*)
    |       		
    |           
    |     Disclosure date: 2019-07-28
    |     References:
    |       https://www.cvedetails.com/cve/CVE-2019-14322/
    |       https://vuldb.com/?id.138886
    |       https://palletsprojects.com/blog/werkzeug-0-15-5-released/
    |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14322
    
    Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
    
    
 # Published in:

- https://github.com/nomi-sec/PoC-in-GitHub#cve-2019-14322-2019-07-28

File Snapshot


 [4.0K]  /data/pocs/3cea8f57b0317ceb851b8688ad847ecbdd274863
├── [3.6K]  http-vuln-cve2019-14322.nse
├── [1.0K]  LICENSE
└── [2.3K]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!