CVE-2018-16288 PoC — LG SuperSign CMS 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-16288.yaml

Associated Vulnerability

Title:LG SuperSign CMS 安全漏洞 (CVE-2018-16288)
Description:LG SuperSign CMS是韩国乐金（LG）集团的一套针对LG webOS的内容管理系统。该系统支持连接外部数据库，并允许从移动设备访问服务器。 LG SuperSign CMS中存在安全漏洞。攻击者可借助signEzUI/playlist/edit/upload/..%2f URIs利用该漏洞读取任意文件。

Description

LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.

File Snapshot


 id: CVE-2018-16288

info:
  name: LG SuperSign EZ CMS 2.5 - Local File Inclusion
  author: daffainfo

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!