烽火（Fiberhome）HG-110 设备目录穿越漏洞

知道创宇安全研究团队 2015 . 03 . 31一.漏洞概要近期，国外安全研究员发布了针对全球 ADSL 设备存在目录穿越漏洞的研究网页链接1，这个漏洞早在 2011 年就被提出了，影响烽火（Fiberhome）HG-110 型号设备网页链接2，本着学习的态度，笔者对该漏洞进行了一番考证，写在这里。a）漏洞描述烽火（Fiberhome）HG-110 型号设备目录穿越漏洞网页链接3，是由于 webproc 文件在处理参数 getpage 传递过来的文件访问时没有合适过滤，导致用户可以利用 ../../ 跳转访问 web 目录之外的系统文件。b）漏洞分析烽火（Fiberhome）HG-11...

Beacon（Fiberhome）HG-1 1 0 device directory traversal vulnerability study-vulnerability warning-the black bar safety net

Know Chong Yu security research group 2 0 1 5 . 0 3 . 3 1 This article PDF Download: fiberhome HG-1 1 0 device recorded traversal vulnerability study 1. Updates Edition: first edition Time: 2015 / 3 / 31 Description: The first edition of the complete 2. Vulnerability summary Recently, foreign...

FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers

No description provided by source. Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage: http://hk.fiberhomegroup.com/ Version: HG110BHV1.6 PoC: Remote...

FiberHome Modem Router HG-110 Authentication Bypass

Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage: http://hk.fiberhomegroup.com/ Version: HG110BHV1.6 PoC: Remote Change DNS Servers Example file...

FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers

FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage:...

FiberHome HG-110 - Cross-Site Scripting Directory Traversal

FiberHome HG-110 - Cross-Site Scripting Directory Traversal source: https://www.securityfocus.com/bid/47277/info Fiberhome HG-110 is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting thes...

Fiberhome HG-110 Cross Site Scripting / Local File Inclusion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found two vulnerabilities on fiberhome hg-110 routers1 and has not been reported nor fixed. XSS: - - http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%29%3C/script%3E&var:menu=advanced&var:page=dns Local File Include and...

FiberHome HG-110 - Cross-Site Scripting / Directory Traversal

source: https://www.securityfocus.com/bid/47277/info Fiberhome HG-110 is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script...