I-doit’s pro V25 is vulnerable to path traversal — arbitrary file read. The vulnerability allows attackers to read any file on the file system by the privilege of the web server. It exposes sensitive information to the authenticated users on the application.
Affected users: authenticated users
Product Description: i-doit is a web-based and open-sourced Configuration and Management Database, CMDB, published by Synetics GmbH.
Vulnerability Description: Attackers can leverage this vulnerability to get the content of config files, credentials in plaintext, hashed credentials, and other sensitive information on the file system.
Affected path: /
Affected Parameter: file
The following payloads were tested on i-doit Pro v25.
Payload demonstration:
- Leveraging the vulnerability to get the database credential and hashed admin password.
2. Leveraging the vulnerability to get /etc/passwd
