Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion

Exploit Database
16 阅读

作者： ReverseBrain

日期： 2017-05-02
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/41998/

# Exploit Title: Zyxel P-660HW-61 < 3.40(PE.11)C0 - Local File Inclusion
# Date: 2-05-2017
# Exploit Author: ReverseBrain
# Contact: https://www.twitter.com/ReverseBrain
# Vendor Homepage: https://www.zyxel.com
# Software Link: ftp://ftp.zyxel.com/P-660HW-61/firmware/P-660HW-61_3.40(PE.11)C0.zip
# Version: 3.40(PE.11)C0

1. Description

Any user who can login into the router can exploit the Local File Inclusion
reading files stored inside the device.

2. Proof of Concept

Login into the router and use the path of a file you want to read as
getpage parameter. For example:

http://ROUTER_IP/cgi-bin/webcm?getpage=/etc/passwd

last Exploits
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion的更多信息

Eibiz i-Media Server Digital Signage 3.8.0 – Directory Traversal：
Asp – comersus7F Shopping Cart Software Backup Dump：
Heatmiser Netmonitor 3.03 – Hardcoded Credentials：
Kuicms PHP EE 2.0 – Persistent Cross-Site Scripting：
User Management System 2.0 – Authentication Bypass：
am4ss Support System 1.2 – PHP Code Injection：
MyHobbySite 1.01 – SQL Injection / Authentication Bypass：
Jaow CMS – ‘add_ons’ Cross-Site Scripting：