Wsgiserver 0.2 Cpython 3.10.4 Exploit 🔥 🆓

The server fails to protect against multiple slashes ( // ) at the beginning of a URI path.

curl http:// :8000/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 2. Open Redirection (CVE-2021-28861) wsgiserver 0.2 cpython 3.10.4 exploit

Because WSGIServer/0.2 is often used to host custom Python web applications, it is frequently the target of exploits if the application code insecurely handles user input. The server fails to protect against multiple slashes

An attacker can use dot-dot-slash ( ../ ) sequences to access sensitive system files like /etc/passwd . wsgiserver 0.2 cpython 3.10.4 exploit