.. / CVE-2018-8770

Exploit for Cobub Razor 0.8.0 - Information Disclosure (CVE-2018-8770)

Description:

Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations.

Nuclei Template

View the template here CVE-2018-8770.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-8770.yaml

References:

https://github.com/Kyhvedn/CVE_Description/blob/master/Cobub_Razor_0.8.0_more_physical_path_leakage.md
https://nvd.nist.gov/vuln/detail/CVE-2018-8770
https://www.exploit-db.com/exploits/44495/
https://github.com/ARPSyndicate/kenzer-templates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8770

.. / CVE-2018-8770 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Cobub Razor 0.8.0 - Information Disclosure (CVE-2018-8770)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-8770