VelotiSmart WiFi B-380 Camera – Directory Traversal

Exploit Database
20 阅读

作者： Miguel Mendez Z

日期： 2018-07-16
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/45030/

Title: Vulnerability in VelotiSmart Wifi - Directory Traversal
Date: 12-07-2018
Scope: Directory Traversal
Platforms: Unix
Author: Miguel Mendez Z
Vendor: VelotiSmart
Version: B380
CVE: CVE-2018–14064


Vulnerability description
-------------------------
- The vulnerability that affects the device is LFI type in the uc-http service 1.0.0. What allows to obtain information of configurations, wireless scanned networks, sensitive directories, etc. Of the device.

Vulnerable variable:
http://domain:80/../../etc/passwd

Exploit link:
https://github.com/s1kr10s/ExploitVelotiSmart

Poc:
https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac

last Exploits
VelotiSmart WiFi B-380 Camera – Directory Traversal的更多信息

Jettweb Hazır Rent A Car Scripti V4 – SQL Injection：
PHPJabbers Night Club Booking 1.0 – Reflected XSS：
WordPress Plugin Eco-annu – ‘eid’ SQL Injection：
Medical Center Portal Management System 1.0 – ‘id’ SQL Injection：
WordPress Theme Elegant Grunge 1.0.3 – ‘s’ Cross-Site Scripting：
Zen Load Balancer 3.10.1 – Directory Traversal (Metasploit)：
Redlab CMS – Multiple SQL Injections：
ilchClan 1.0.5 – ‘cid’ SQL Injection：