directory traversal

All posts tagged directory traversal

NOTE: This is for education purpose only

Good Evening friends, today we will see about arbitrary file access vulnerability in Kodi 15. For those guys who have no idea what Kodi is, it is “an award-winning free and open source cross-platform software media player and entertainment hub for HTPCs. Kodi can be used to play almost all popular audio and video formats around.” We will exploit a LFI vulnerability in its web interface.

Before we start, let me make clear that the credit for finding this vulnerability goes to one “MICHAEL PRONK” of exploit-db. I am just showing how to use that exploit. The exploit is shown below.

kodid1

Ok, now let’s see it in real time. Open Shodan ( which means you should have an account there ) and search for “title:kodi os:linux” as shown below. We are searching for all Linux machines with Kodi installed on them. The results will be as shown below.

kodid2

Now open any one interface. It should look like below. Kodi, by default runs on port 8080.

kodid3

Now we will try to access the passwd file available in this  Linux machines. Just after port number, try this query

/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 

as shown below. You should get the contents of passwd file as shown below.

kodid4

Here’s another example.

kodid5