CVE-2017-14537-Exploit
Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal
CVE description:
Trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
ExploitDB:
Exploit description:
- Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- Credits to: (Author of the link above: Sachin Wagh; Twitter: @tiger_tigerboy)
- Vendor Homepage: https://sourceforge.net/projects/asteriskathome/
- Software Link: https://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/trixbox%202.8/trixbox-2.8.0.4.iso/download
- Version: 2.8.0.4
- Tested on: Xubuntu 20.04
Usage:
python3 exploit.py [target_IP] [target_Port]
