This exploit demonstrates a Local File Inclusion (LFI) vulnerability in FHEM 6.0 by manipulating the 'file' parameter in a GET request to read arbitrary files (e.g., /etc/passwd). The PoC includes a crafted HTTP request that exploits the vulnerability to leak sensitive information.
Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: FHEM v6.0
No auth needed
Prerequisites: Network access to the FHEM web interface