This exploit demonstrates a Local File Inclusion (LFI) vulnerability in BoltWire 6.03. By manipulating the 'action' parameter in a GET request, an authenticated user can read arbitrary files on the server, such as '/etc/passwd'.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:BoltWire 6.03
Auth required
Prerequisites:Authenticated user access · Target server running BoltWire 6.03