Comments (2)
Hi @d4wner,
if you downloaded the Kaltura server software in the time after the advisory was released, you will have downloaded a patched version which is not vulnerable anymore. You can try manually reverting the patch made here.
The 'index.php'-path may be mapped via htaccess file, so I'm not sure if you can call it any other way. To test it you can install (and old) kaltura software and then access this path over the started web server.
For CVE-2017-1414 there is no separate PoC needed. You can take the payload generated by the other PoC I published and just pass it in the admin panel - again only for the vulnerable 13.1.x version.
Greetings
from telekom-security.github.io.
Well, firstly , thx for your response.
But I just regard e:/www/server/
as the webroot, I exactly mean I want to know where is webroot of your environment.
After all , there is no .htaccess
file in the folder e:/www/server/
, and there is no "index.php" file in this folder.
So I must find the absolute path of the webroot exactly, and I could to find a way to visit the url like what you have done, sir.
By the way, how can I find the admin panel ?
I just could not find the relative path of it.
I would find it easily if you give me the example admin-pannel url like this:
http://localhost/index.php/admin-panel
Or could you just give me a note url about how to login into the admin-panel?
I'm sorry to disturb you of these issues but I really need it.
Thx very much!
from telekom-security.github.io.
Related Issues (1)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from telekom-security.github.io.