Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0497. PoCs published by Federico Muttis.
AI-analyzed exploit summary
This exploit demonstrates a directory traversal vulnerability in Openfire by manipulating the 'log' parameter in log.jsp to access sensitive files outside the intended directory. The PoC shows how an attacker can retrieve system files like netsetup.log by traversing directories.
Description
Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.
Exploits (1)