CVE-2016-10367 PoC — Opsview Monitor Pro 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-10367.yaml

Associated Vulnerability

Title:Opsview Monitor Pro 路径遍历漏洞 (CVE-2016-10367)
Description:Opsview Monitor Pro是英国Opsview公司的一套企业级的网络、服务器和应用程序监控工具。该工具可与Nagios Core、RRDTool等监控系统集成使用。 Opsview Monitor Pro中存在目录遍历漏洞。攻击者可通过发布特制的HTTP GET请求利用该漏洞浏览文件。以下版本受到影响：Opsview Monitor Pro 5.1.0.162300841之前的版本，5.0.2.27475之前的版本，4.6.4.162391051之前的版本，4.5.x版本（不含有2016版本安

Description

Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.

File Snapshot


 id: CVE-2016-10367

info:
  name: Opsview Monitor Pro - Local File Inclusion
  author: 0x_akoko
  se

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!