.. / CVE-2019-11013

Exploit for Nimble Streamer <=3.5.4-9 - Local File Inclusion (CVE-2019-11013)

Description:

Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

Nuclei Template

View the template here CVE-2019-11013.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-11013.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-11013
https://www.exploit-db.com/exploits/47301
https://github.com/ARPSyndicate/kenzer-templates
https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.html

.. / CVE-2019-11013 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Nimble Streamer <=3.5.4-9 - Local File Inclusion (CVE-2019-11013)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-11013