
Local File Inclusion in urlget.cgi

Open Aeinot opened this issue 6 years ago • 0 comments

The line response = urllib2.urlopen(request.getvalue("url")) can be used to access the content of files on the server. urllib2 accepts local URLs, so simply send a URL starting with file: to display the content of the file in question. PoC: executing JS code CodeBoot.prototype.urlGet('file:///etc/passwd').

Aeinot, Nov 20 '18 23:11
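One way to close the behaviour reported above, as an added example that is not code from the codeboot project: it uses Python 3's `urllib.request` (the successor to `urllib2`), shows the default opener reading a local file through a `file:` URL, and pairs a scheme allow-list with an opener that has no file handler. The names `validate_url`, `build_web_only_opener` and `safe_url_get` are hypothetical, and restricting the endpoint to http/https is an assumption about what it needs.

```python
import tempfile
import urllib.request as ur
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URLs are needed


def default_opener_reads_local_file():
    """Reported behaviour: urlopen() follows file: URLs (constructed temp file)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.txt"
        sample.write_text("constructed sample")
        with ur.urlopen(sample.as_uri()) as resp:  # file:///.../sample.txt
            return resp.read().decode()


def validate_url(url):
    """Return the URL if it is an absolute http(s) URL, else raise ValueError."""
    parts = urlsplit(url.strip())  # urlsplit lower-cases the scheme
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("refused URL: %r" % url)
    return parts.geturl()


def build_web_only_opener():
    """Second layer: an opener with no FileHandler, FTPHandler or DataHandler."""
    opener = ur.OpenerDirector()
    for handler in (ur.UnknownHandler, ur.HTTPHandler, ur.HTTPSHandler,
                    ur.HTTPRedirectHandler, ur.HTTPDefaultErrorHandler,
                    ur.HTTPErrorProcessor):
        opener.add_handler(handler())
    return opener


def safe_url_get(url, timeout=5):
    """Hardened fetch: validate first, then open with the restricted opener."""
    with build_web_only_opener().open(validate_url(url), timeout=timeout) as resp:
        return resp.read()
```

Scheme filtering addresses the `file:` read described in the issue; it does not restrict which hosts the server will contact on a caller's behalf.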