Cobbler 2.4.x < 2.6.x - Local File Inclusion







Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.


# Exploit Title: Local File Inclusion vulnerability in cobbler

# Exploit author: Dolev Farhi @f1nhack

# Date 07/05/2014

# Vendor homepage:

# Affected Software version: 2.4.x - 2.6.x

# Alerted vendor: 7.5.14

Software Description
Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones.
Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management orchestration, and much more.

Vulnerability Description
Local file inclusion

Steps to reproduce / PoC:
1.1. Login to Cobbler WebUI:

1.2. Under Profiles -> Create New Profile

1.3. Create a new profile with some name, assign a distribution to it.

1.4: in Kickstart value, enter /etc/passwd
1.5. Save the profile

1.6. Navigate again to Profiles page

1.7. press on "View Kickstart" next to the new profile created.

1.8. /etc/passwd content is shown.

  <-> PoC Video: