CVE-2021-35380 PoC — Solari Di Udine TermTalk Server 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-35380.yaml

Associated Vulnerability

Title:Solari Di Udine TermTalk Server 路径遍历漏洞 (CVE-2021-35380)
Description:Solari Di Udine Spa Solari Di Udine TermTalk Server（Solari Di Udine TtServer ）是意大利Solari Di Udine Spa公司的一种考勤管理服务。 TermTalk Server (TTServer) 3.24.0.2版本存在安全漏洞，该漏洞源于软件当中对于用户提交的目录数据缺少有效的过滤和转义。该漏洞允许未经身份验证的恶意用户通过访问他们想要下载的文件的相对路径(http://url:port/file?valore)来访问

Description

TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.

File Snapshot


 id: CVE-2021-35380

info:
  name: TermTalk Server 3.24.0.2 - Local File Inclusion
  author: fxploit


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!