Sunday 15 May 2016

Web2py Vulnerabilities 2.14.5 : LFI,XSS,CSRF,Brute Force Attack

Web2py Vulnerabilities


This post is about Web2py  Vulnerabilities which we have found, POC`s are created under Mac OS X EI Capitan, But also tested on windows 7 as well as linux platform.

#Download the vulnerable Apphttps://drive.google.com/file/d/0B-LjC3oY6tUpZlNkV3BnZU85Y0E/view?usp=sharing
# Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF, Brute Force On Login
# Reported Date : 2-April-2016
# Fixed Date : 4-April-2016
# Exploit Author : Narendra Bhati
# CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016-4808, Login Brute Force - CVE-2016-10321
# Tested On : MAC OS X EI Capitan, Windows 7 64 Bit, Most Linux Platforms.
# Fix/Patching : Update To Web2py. 2.14.6
# Facebook : https://facebook.com/imnarendrabhati
# Twitter : http://twitter.com/imnarendrabhati