Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://web.archive.org/web/20120326095835/http://sockso.pu-gh.com/ | product patch |
| https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/sockso_traversal.rb | exploit |
| https://github.com/rodnaph/sockso | product |
| http://aluigi.altervista.org/adv/sockso_1-adv.txt | exploit technical description |
| https://www.exploit-db.com/exploits/18605 | exploit |
| https://www.vulncheck.com/advisories/sockso-music-host-server-path-traversal | third party advisory |