module
DnaLIMS Directory Traversal
Disclosed | Created |
---|---|
2017-03-08 | 2018-05-30 |
Disclosed
2017-03-08
Created
2018-05-30
Description
This module exploits a directory traversal vulnerability found in dnaLIMS.
Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible
to read a file outside the www directory.
Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible
to read a file outside the www directory.
Authors
h00die mike@shorebreaksecurity.com
flakey_biscuit nicholas@shorebreaksecurity.com
flakey_biscuit nicholas@shorebreaksecurity.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.