2021-06-10 10:05:33 |
Anh Nguyen |
description |
Hello,
I've found a Local File Inclusion (LFI) vulnerability in creating a workbook on OpenStack Dashboard.
This vulnerability allows the attacker to read a sensitive file on the server like /etc/password, config file, etc. Tested version: Victoria Horizon 18.6.3
I do not have an opportunity to test the other versions, but I think those versions are also vulnerable.
Steps to reproduce:
1. Create a text file datnt78.txt with content: "/etc/passwd"
2. Select Workflow -> Workbooks -> Create Workbook
3. In "Definition Source" select "File" then browse datnt78.txt file then click Validate and got /etc/passwd content.
This is the request: http://paste.openstack.org/show/806520/
This is the response: http://paste.openstack.org/show/806521/
Please find the sample file and POC image in the attachment.
Thank you,
DatNT78 from FTEL CSOC |
Hello,
I've found a Local File Inclusion (LFI) vulnerability in creating a workbook on OpenStack Dashboard.
This vulnerability allows the attacker to read a sensitive file on the server like /etc/password, config file, etc. Tested version: Victoria Horizon 18.6.3
I do not have an opportunity to test the other versions, but I think those versions are also vulnerable.
Steps to reproduce:
1. Create a text file datnt78.txt with content: "/etc/passwd"
2. Select Workflow -> Workbooks -> Create Workbook
3. In "Definition Source" select "File" then browse datnt78.txt file then click Validate and got /etc/passwd content.
This is the request: http://paste.openstack.org/show/806520/
This is the response: http://paste.openstack.org/show/806521/
Please find the sample file and POC image in the attachment.
Thank you,
DatNT78 at FTEL CSOC |
|