Full Disclosure mailing list archives
CVE-2023-46307
From: Kevin <krandall2013 () gmail com>
Date: Mon, 13 Nov 2023 10:35:06 -0500
While conducting a penetration test for a client, they were running an application called etc-browser which is a public GitHub project with a Docker container. While fuzzing the web server spun up with etcd-browser (which can run on any arbitrary port), the application had a Directory Traversal vulnerability that is simply triggered with the following payload: GET /../../../../../../../../../../../../etc/passwd If running in the docker container, the /etc/passwd file is from the Docker Container instance itself. The vulnerability exists in the server.js file used to spin up the web server. The Docker Container and the current application code in GitHub as of 11/11/2023 is vulnerable with no fix from the developers. The security issue was submitted back on August 9th 2023. Video of exploitation will be available in the next few days after this public release posting. Discovered By: Kevin Randall _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- CVE-2023-46307 Kevin (Nov 27)
- <Possible follow-ups>
- CVE-2023-46307 Kevin (Nov 27)