Apache Axis2 Directory Traversal Vulnerability Scanner

Exploits a directory traversal vulnerability in Apache Axis2 version 1.4.1 by sending a specially crafted request to the parameter xsd (BID 40343). By default it will try to retrieve the configuration file of the Axis2 service '/conf/axis2.xml' using the path '/axis2/services/' to return the username and password of the admin account.

To exploit this vulnerability we need to detect a valid service running on the installation so we extract it from /listServices before exploiting the directory traversal vulnerability. By default it will retrieve the configuration file, if you wish to retrieve other files you need to set the argument http-axis2-dir-traversal.file correctly to traverse to the file's directory. Ex. ../../../../../../../../../etc/issue

Reference:

• https://www.exploit-db.com/exploits/12721/