Authored by Vartamtzidis Theodoros

Copyparty version 1.8.2 suffers from a directory traversal vulnerability.

advisories | CVE-2023-37474

# Exploit Title: copyparty 1.8.2 - Directory Traversal
# Date: 14/07/2023
# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
# Vendor Homepage:
# Software Link:
# Version: <=1.8.2
# Tested on: Debian Linux
# CVE : CVE-2023-37474

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.

curl -i -s -k -X GET ''