Exploit for H2O ImportFiles - Local File Inclusion (CVE-2023-6038)

Description:

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.

Nuclei Template

View the template here: CVE-2023-6038.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-6038.yaml

References:

https://huntr.com/bounties/380fce33-fec5-49d9-a101-12c972125d8c/
https://github.com/h2o/h2o
https://nvd.nist.gov/vuln/detail/CVE-2023-6038