An attacker can use this vulnerability to step outside the root directory and access other parts of the file system.
This may let the attacker view restricted files, which could provide information needed to further compromise the system.
https://www.acunetix.com/websitesecurity/directory-traversal/
Severity: critical
Fingerprint: ac4d53c4832b2491c591c07df231d2bcf231d2bc8117f206b4436c27ccc1d846
Found hosts file through directory traversal: 127.0.0.1 localhost # the following lines are desirable for ipv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 127.0.1.1 gwg
Open service 149.210.80.158:8000
2024-06-14 16:50
HTTP/1.1 200 OK CONNECTION: close Date: Fri, 14 Jun 2024 18:48:10 GMT Last-Modified: Thu, 29 Aug 2019 13:03:59 GMT Etag: "1567083839:bfa" CONTENT-LENGTH: 3066 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html Page title: WEB SERVICE <!DOCTYPE HTML> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta charset="UTF-8"> <title>WEB SERVICE</title> <link href="./baseProj/images/favicon.ico" type="image/x-icon" rel="shortcut icon"> <script src="ext/ext-all.js"></script> <script type="text/javascript" src="./projectPath.js"></script> <script type="text/javascript" src="/app/libs/require.js"></script> <script type="text/javascript" src="/app/jsCore/require-config.js"></script> <script type="text/javascript">Ext.onReady(function () { //启用缓存 Ext.Loader.setConfig({ "disableCaching": true, "paths":{ "basePath": BASEURL, //配置基础项目的文件路径 "projectPath": PROJECT_URL //配置定制项目的文件路径 } }); //定义项目的加载路径 var basePath = Ext.Loader.getPath('basePath'), projectPath = Ext.Loader.getPath('projectPath'); //设置类的地址路径 Ext.Loader.setPath({ "jsCore": "app/jsCore", 'component': "baseProj/js/component", 'js': 'baseProj/js', 'plugin': 'app/plugin', 'widget': 'baseProj/js/widget', 'baseCls':'app/baseCls', 'app': 'baseCls', //各个项目统一一个app 'customJs': projectPath+'js', // 非基线项目引用的js路径 'desktop':PROJ_MODULE.indexOf('desktop') != -1? projectPath+'js/desktop':basePath+'/js/desktop', //加载指定项目的Desktop.js 'data': PROJ_MODULE.indexOf('data') != -1 ? 
projectPath + 'data': basePath + '/data' //加载指定项目的数据文件 }); //桌面内容不可选择 Ext.getBody().unselectable(); require(['pubsub', 'core', 'extend', 'libs/qrcode', 'libs/jsonpath', 'libs/json2', 'libs/base64', 'libs/md5', 'libs/aes', 'libs/rsa', 'libs/moment', 'timeaxes/TimeAxes', 'timeaxes/TimeAxesAdaptor', 'timeaxes/TimeGridLayer', 'h5Player' ], function () { //载入必要的模块,字符串文件加载完成后,初始化和加载应用 Ext.require(['jsCore.Common'], function () { jsCore.Common.getJsonLanguage().done(function () { //自验问题修改:设备初始化界面,密码输入框输入时,报js错误,修改为先设置规则 jsCore.Common.setFieldVtype(); Ext.require(['baseCls.App']); //***密码输入框输入时,报js错误 END***// }); }); }); });</script> </head> <body></body> <script type="text/javascript" src="./pluginVersion.js"></script> <script type="text/javascript" src="./webVersion.js"></script> <script type="text/javascript" src="./cap.js"></script> </html>