Skip to content

Local File Inclusion in urlget.cgi #101

New issue
New issue
Open
Open
Local File Inclusion in urlget.cgi#101
@Aeinot

Description

@Aeinot
Aeinot
opened on Nov 20, 2018

The line response = urllib2.urlopen(request.getvalue("url")) can be used to access the content of files on the server. urllib2 accepts local URLs, so simply send a URL starting with file: to display the content of the file in question.
POC : executing JS code CodeBoot.prototype.urlGet('file:///etc/passwd').

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions