Share
## https://sploitus.com/exploit?id=PACKETSTORM:175954
An issue was discovered in server.js in etcd-browser 87ae63d75260. By  
supplying a /../../../ Directory Traversal input to the URL's GET  
request while connecting to the remote server port specified during  
setup, an attacker can retrieve local operating system files from the  
remote system.  
  
------------------------------------------  
  
[Vulnerability Type]  
Directory Traversal  
  
------------------------------------------  
  
[Vendor of Product]  
https://hub.docker.com/r/buddho/etcd-browser  
  
------------------------------------------  
  
[Affected Product Code Base]  
etcd-browser - Unknown  
  
------------------------------------------  
  
[Affected Component]  
the server.js file does not validate the path for files.  
  
------------------------------------------  
  
[Attack Type]  
Remote  
  
------------------------------------------  
  
[Impact Information Disclosure]  
true  
  
------------------------------------------  
  
[CVE Impact Other]  
Allow for a remote arbitrary user to obtain local operating system files  
  
------------------------------------------  
  
[Attack Vectors]  
The attacker must supply a /../../ technique to the server application  
running on the remote port specified during setup  
  
------------------------------------------  
  
[Reference]  
https://hub.docker.com/r/buddho/etcd-browser  
https://hub.docker.com/r/buddho/etcd-browser/tags  
  
------------------------------------------  
  
[Discoverer]  
Kevin Randall