CVE-2015-3648 PoC: Montala Limited ResourceSpace Directory Traversal Vulnerability

Source
Associated Vulnerability
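Title: Montala Limited ResourceSpace Directory Traversal Vulnerability (CVE-2015-3648)
Description: Montala Limited ResourceSpace is an open-source digital asset management application from the UK company Montala. It supports fast resource search, resource sharing, and related features. The pages/setup.php script in Montala Limited ResourceSpace versions before 7.2.6727 contains a directory traversal vulnerability. A remote attacker can exploit it to include and execute arbitrary local files by placing the directory traversal characters '..' in the 'defaultlanguage' parameter.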
Description
ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.
File Snapshot

id: CVE-2015-3648
info:
  name: ResourceSpace - Local File inclusion
  author: pikpikcu
  severity: ...