Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-13864 PoC — Play Framework Assets控制器路径遍历漏洞

Source
https://github.com/tafamace/CVE-2018-13864
Associated Vulnerability
Title:Play Framework Assets控制器路径遍历漏洞 (CVE-2018-13864)
Description:Play Framework是一套开源的Java Web应用框架。该框架具有可扩展、资源消耗低等特点。Assets controller是其中的一个资产控制器。 Play Framework 2.6.12版本至2.6.15版本中的Assets控制器存在目录遍历漏洞,该漏洞源于当程序在Windows上运行时Assets控制器未能正确地处理路径。远程攻击者可通过发送特制的HTTP请求利用该漏洞从目标服务器上下载任意文件。
File Snapshot

 [4.0K]  /data/pocs/5ca04f8e776c026eb8595c16b612968fd4021719
├── [ 317]  Main.java
└── [1.7K]  pom.xml

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.