.. / CVE-2014-5258

Exploit for webEdition 6.3.8.0 - Directory Traversal (CVE-2014-5258)

Description:

A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

Nuclei Template

View the template here CVE-2014-5258.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-5258.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-5258
http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html
http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0
http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen
https://www.exploit-db.com/exploits/34761

.. / CVE-2014-5258 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for webEdition 6.3.8.0 - Directory Traversal (CVE-2014-5258)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2014-5258