module

ThinVNC Directory Traversal

Disclosed	Created
Oct 16, 2019	Oct 24, 2019

Disclosed

Oct 16, 2019

Created

Oct 24, 2019

Description

This module exploits a directory traversal vulnerability in ThinVNC
versions 1.0b1 and prior which allows unauthenticated users to retrieve
arbitrary files, including the ThinVNC configuration file.

This module has been tested successfully on ThinVNC versions 1.0b1
and "ThinVNC_Latest" (2018-12-07).

Authors

jinxbox
WarMarX
bcoles [email protected]

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use auxiliary/scanner/http/thinvnc_traversal
    msf auxiliary(thinvnc_traversal) > show actions
        ...actions...
    msf auxiliary(thinvnc_traversal) > set ACTION < action-name >
    msf auxiliary(thinvnc_traversal) > show options
        ...show and set options...
    msf auxiliary(thinvnc_traversal) > run

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report