CVE-2013-5528 PoC — Cisco Unified Communications Manager 目录遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2013/CVE-2013-5528.yaml

Associated Vulnerability

Title:Cisco Unified Communications Manager 目录遍历漏洞 (CVE-2013-5528)
Description:Cisco Unified Communications Manager（CUCM，Unified CM，CallManager）是美国思科（Cisco）公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。 CUCM中的Tomcat服务器的管理Web界面中存在目录遍历漏洞，该漏洞源于程序没有正确过滤用户提交的输入。远程经过授权的攻击者可通过提供一系列目录遍历字符利用该漏洞读取任意文件。

Description

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815

File Snapshot


 id: CVE-2013-5528

info:
  name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!