.. / CVE-2016-10367

Exploit for Opsview Monitor Pro - Local File Inclusion (CVE-2016-10367)

Description:

Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.

Nuclei Template

View the template here CVE-2016-10367.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-10367.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2016-10367
https://github.com/ARPSyndicate/kenzer-templates
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774

.. / CVE-2016-10367 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Opsview Monitor Pro - Local File Inclusion (CVE-2016-10367)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-10367