Apache Axis2 Directory Traversal Vulnerability Scanner

You can scan Apache Axis2 Directory Traversal Vulnerability by using this tool.

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Parent Category

Apache Axis2 Directory Traversal Vulnerability Scanner Detail

Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter xsd (BID 40343). By default it will try to retrieve the configuration file of the Axis2 service '/conf/axis2.xml' using the path '/axis2/services/' to return the username and password of the admin account.

To exploit this vulnerability we need to detect a valid service running on the installation so we extract it from /listServices before exploiting the directory traversal vulnerability. By default it will retrieve the configuration file, if you wish to retrieve other files you need to set the argument http-axis2-dir-traversal.file correctly to traverse to the file's directory. Ex. ../../../../../../../../../etc/issue

Reference:

https://www.exploit-db.com/exploits/12721/

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.

Try it yourself,
control security posture

Get free usage

Learn More About Product