CVE-2019-17538 Scanner

Jiangnan Online Judge, also known as jnoj, is an online platform used for testing and evaluating computer programming skills. It is commonly utilized by universities and industries to assess the coding proficiency of their employees and students. The platform consists of a series of programming problems, which are solved by submitting program codes that are then tested against specific test cases. Users are then provided with feedback on their code submissions, including error messages and execution time.

Recently, a vulnerability in Jiangnan Online Judge was detected. CVE-2019-17538 allowed attackers to perform directory traversal attacks by exploiting the file reading function via the web/polygon/problem/viewfile?id=1&name=../ substring. Attackers could use this vulnerability to read sensitive files on the server, including configuration files and user data. This could lead to theft of sensitive information or the compromise of the entire system.

Exploitation of the CVE-2019-17538 vulnerability can lead to significant damage to both the organization that owns the web application and its users. Attackers could exploit this vulnerability to steal sensitive data and intellectual property. Furthermore, this vulnerability could also compromise the integrity of the platform and enable attackers to manipulate the system, which could result in lowered user trust, potential legal implications, and revenue loss.

By utilizing the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. s4e.io provides a comprehensive and user-friendly vulnerability management platform that offers automatic vulnerability scanning, easy-to-understand information on vulnerabilities, and guidance on best practices for remediation. By utilizing this platform, organizations can proactively identify vulnerabilities and prevent attacks before they happen.

REFERENCES

• https://github.com/shi-yang/jnoj/issues/53