Owlfiles File Manager Path Traversal Vulnerability
Vulnerability
A path traversal vulnerability has been identified in Owlfiles File Manager version 12.0.1. This vulnerability resides in the application's built-in HTTP server, allowing attackers to access restricted system directories. Exploitation involves crafting GET requests that include directory traversal sequences to reach these protected directories on the device.
Impact
Exploitation of this vulnerability allows for unauthorized access to system directories, which could lead to further exploitation or exposure of sensitive information.
Reproduction
The vulnerability can be reproduced by sending a GET request to the application's HTTP server with directory traversal sequences. This request can be made using a tool like curl or through a web browser's developer tools. The server will respond with a 200 OK status and the contents of the accessed directory, demonstrating successful exploitation.
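The advisory does not describe a fix. As an added example (not Owlfiles code and not part of the advisory), this is the containment check a file-serving HTTP handler needs in order to refuse such requests. The function name, the exception and the sample request targets are constructed for illustration, and a POSIX file system is assumed.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


class TraversalRejected(Exception):
    """Raised when a request target resolves outside the shared root."""


def resolve_request_path(share_root: str, request_target: str) -> str:
    """Map the target of a GET request to a file-system path under share_root.

    The check runs on the fully resolved path, after percent-decoding and
    symlink resolution, so "../", "%2e%2e%2f" and symlinks that point out of
    the share are all judged by where they end up, not by how they are spelled.
    """
    root = os.path.realpath(share_root)
    # Keep only the path component and percent-decode it once.
    decoded = unquote(urlsplit(request_target).path)
    if "\x00" in decoded:
        raise TraversalRejected("NUL byte in path")
    # Strip leading slashes so os.path.join is not reset by an absolute path.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalRejected(f"{request_target!r} resolves outside the share")
    return candidate


def demo() -> dict:
    """Run constructed request targets against a temporary share directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.makedirs(os.path.join(share, "docs"))
        # Constructed edge case: a symlink inside the share that points outside it.
        os.symlink(tmp, os.path.join(share, "out"))
        for target in ("/docs/", "/docs/../docs", "/../", "/docs/../../",
                       "/%2e%2e/%2e%2e/", "/..%2f..%2f", "/out/"):
            try:
                resolve_request_path(share, target)
                results[target] = "served"
            except TraversalRejected:
                results[target] = "rejected"
    return results


if __name__ == "__main__":
    for target, outcome in demo().items():
        print(f"{outcome:9} {target}")
```

A handler built this way would answer a rejected target with an error status instead of the 200 OK and directory contents described above.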
