CVE-2017-14537
published 2018-02-16CVE-2017-14537: trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
PriorityP356medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
39.49%
98.4th percentile
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netfortris | trixbox | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandxajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages↗
url/maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english↗
- →Detect POST requests to /maint/index.php?packages containing path traversal sequences in the xajaxargs[] parameter (e.g., ..%2f sequences targeting /etc/passwd). ↗
- →Detect GET requests to /maint/modules/home/index.php with a lang parameter containing path traversal sequences and a null-byte (%00) followed by 'english' to bypass extension checks. ↗
- →Alert on HTTP responses containing 'root:.*:0:0:' pattern in the body, indicating successful /etc/passwd file read via path traversal. ↗
- →Flag use of hardcoded Basic Auth credential 'bWFpbnQ6cGFzc3dvcmQ=' (base64 for maint:password) in Authorization headers targeting Trixbox /maint/ endpoints. ↗
- ·The null-byte (%00) truncation technique used in the lang parameter traversal (appending %00english) is only effective on PHP installations where null-byte handling in file path functions is not patched — typically PHP < 5.3.4. ↗
- ·The exploit targets the /maint/ interface which requires authentication (Basic Auth with maint:password); detections should account for authenticated sessions, not just anonymous traffic. ↗
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Trixbox 2.8.0.4 - 'lang' Path Traversal
exploitdb·2021-05-28·CVSS 6.5
CVE-2017-14537 [MEDIUM] Trixbox 2.8.0.4 - 'lang' Path Traversal
Trixbox 2.8.0.4 - 'lang' Path Traversal
---
# Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal
# Date: 27.05.2021
# Exploit Author: Ron Jost (Hacker5preme)
# Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
# Credits to: Sachin Wagh
# Vendor Homepage: https://sourceforge.net/projects/asteriskathome/
# Software Link: https://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/trixbox%202.8/trixbox-2.8.0.4.iso/download
# Version: 2.8.0.4
# Tested on: Xubuntu 20.04
# CVE: CVE-2017-14537
'''
Description:
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the
lang parameter to /maint/modules/home/index.php.
'''
'''
Import required modules:
'''
import r
Nuclei
Trixbox 2.8.0 - Path Traversal
nuclei·CVSS 6.5
CVE-2017-14537 [MEDIUM] Trixbox 2.8.0 - Path Traversal
Trixbox 2.8.0 - Path Traversal
Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Template:
id: CVE-2017-14537
info:
name: Trixbox 2.8.0 - Path Traversal
author: pikpikcu
severity: medium
description: Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server.
remediation: |
Apply the latest security patches or upgrade to a newer version of Trixbox to mitigate this vulnerability.
reference:
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbo
http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.htmlhttp://www.securityfocus.com/bid/103007https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploithttps://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.htmlhttp://www.securityfocus.com/bid/103007https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploithttps://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
2018-02-16
Published