CVE-2024-6746
published 2024-07-15CVE-2024-6746: A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the…
PriorityP259high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EXPLOIT
EPSS
3.33%
87.1th percentile
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier VDB-271477 was assigned to this vulnerability. NOTE: The code maintainer explains, that this is not a big issue "because the default is that the software runs locally without going through the Internet".
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easyspider | easyspider | — | — |
| naibowang | easyspider | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlGET /../../../../../../../../../Windows/win.ini HTTP/1.1
- →Fingerprint the EasySpider HTTP server by requesting /taskGrid/tasklist.html and checking for the presence of 'Task List', 'Task ID', 'Task Name', 'URL', and '任务列表 | Task List' in the response body with HTTP 200.
- →Confirm path traversal exploitation by issuing GET /../../../../../../../../../Windows/win.ini and checking the response body for 'bit app support', 'fonts', and 'extensions' with HTTP 200.
- →The vulnerable component is the HTTP GET Request Handler in server.js; monitor HTTP server logs on the EasySpider local port for requests containing '../' sequences traversing to system paths such as Windows/win.ini. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.05.3MEDIUMCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.03.3LOWAV:A/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
EasySpider 0.6.2 - Arbitrary File Read
nuclei·CVSS 5.3
CVE-2024-6746 [MEDIUM] EasySpider 0.6.2 - Arbitrary File Read
EasySpider 0.6.2 - Arbitrary File Read
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.
Template:
id: CVE-2024-6746
info:
name: EasySpider 0.6.2 - Arbitrary File Read
author: s4e-io
severity: medium
description: |
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component
No writeups or analysis indexed.
2024-07-15
Published