CVE-2018-18777 PoC — Microstrategy Web Path Traversal Vulnerability

Source
Associated Vulnerability
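Title: Microstrategy Web Path Traversal Vulnerability (CVE-2018-18777)
Description: Microstrategy Web is an enterprise data analytics platform from the US company Microstrategy. The platform provides data discovery, data visualization, and report generation. The 'subpage' parameter of the /WebMstr7/servlet/mstrWeb page in Microstrategy Web version 7 has a path traversal vulnerability. A remote attacker can exploit it by using a '/..' sequence in a pathname to bypass SecurityManager restrictions and list a parent directory.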
Description
Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
File Snapshot

    id: CVE-2018-18777
    info:
      name: Microstrategy Web 7 - Local File Inclusion
      author: 0x_Akoko
      se ...