Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-5111 PoC — Fonality Trixbox 目录遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-5111.yaml
Associated Vulnerability
Title:Fonality Trixbox 目录遍历漏洞 (CVE-2014-5111)
Description:Fonality Trixbox(前称Asterisk Home)是美国Fonality公司的一套集成VoIP和CRM功能的开源电话交换机解决方案。该方案支持语音信箱、多方语音会议和交互式语音应答(IVR)等。 Fonality Trixbox中存在目录遍历漏洞,该漏洞源于maint/modules/目录下的多个脚本(home/index.php,asterisk_info/asterisk_info.php,repo/repo.php,endpointcfg/endpointcfg.php)没有充分过滤
Description
Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
File Snapshot

 id: CVE-2014-5111

info:
  name: Fonality trixbox - Local File Inclusion
  author: daffainfo
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.