module
DoliWamp 'jqueryFileTree.php' Traversal Gather Credentials
Disclosed | Created |
---|---|
Jan 12, 2014 | May 30, 2018 |
Description
This module will extract user credentials from DoliWamp - a WAMP
packaged installer distribution for Dolibarr ERP on Windows - versions
3.3.0 to 3.4.2 by hijacking a user's session. DoliWamp stores session
tokens in filenames in the 'tmp' directory. A directory traversal
vulnerability in 'jqueryFileTree.php' allows unauthenticated users
to retrieve session tokens by listing the contents of this directory.
Note: All tokens expire after 30 minutes of inactivity by default.
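
An incident-response triage for the exposure described above, as an added example (not code from the module or from Dolibarr): given the time of a suspected request to 'jqueryFileTree.php', it separates session files that were still inside the 30-minute inactivity window from those already expired, then removes the exposed ones. The `sess_` file prefix (PHP's default file session handler naming), the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone

SESSION_PREFIX = "sess_"               # assumption: PHP file session handler naming
IDLE_TIMEOUT = timedelta(minutes=30)   # default inactivity expiry from the description


def triage_sessions(tmp_dir, listing_time, idle_timeout=IDLE_TIMEOUT):
    """Return (exposed, expired) session file names relative to a suspected listing."""
    cutoff = listing_time - idle_timeout
    exposed, expired = [], []
    for entry in os.scandir(tmp_dir):
        if not entry.is_file() or not entry.name.startswith(SESSION_PREFIX):
            continue
        last_activity = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
        # Idle longer than the timeout before the listing: token was already dead.
        # Anything newer is treated as exposed (conservative: includes later logins).
        (exposed if last_activity >= cutoff else expired).append(entry.name)
    return sorted(exposed), sorted(expired)


def invalidate(tmp_dir, names):
    """Delete session files so the tokens no longer map to a logged-in session."""
    removed = 0
    for name in names:
        if name.startswith(SESSION_PREFIX) and os.path.basename(name) == name:
            os.remove(os.path.join(tmp_dir, name))
            removed += 1
    return removed


def build_constructed_tmp(listing_time):
    """Create a throwaway directory of constructed session files (not real tokens)."""
    tmp_dir = tempfile.mkdtemp(prefix="tmp_demo_")
    idle_minutes = {"sess_constructedaaaa": 5, "sess_constructedbbbb": 45,
                    "sess_constructedcccc": -10, "notes.txt": 1}
    for name, minutes in idle_minutes.items():
        path = os.path.join(tmp_dir, name)
        open(path, "w").close()
        stamp = (listing_time - timedelta(minutes=minutes)).timestamp()
        os.utime(path, (stamp, stamp))
    return tmp_dir


if __name__ == "__main__":
    when = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed request time
    demo = build_constructed_tmp(when)
    exposed, expired = triage_sessions(demo, when)
    print("exposed:", exposed, "expired:", expired)
    print("removed:", invalidate(demo, exposed))
```

File modification time stands in for last session activity here, so the result is only as reliable as the timestamps on the host.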
Author
bcoles bcoles@gmail.com
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
