bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/46132.txt
Offensive Security 518c704a2f DB: 2019-01-15 
32 changes to exploits/shellcodes

xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Hootoo HT-05 - Remote Code Execution (Metasploit)
Across DR-810 ROM-0 - Backup File Disclosure
i-doit CMDB 1.12 - Arbitrary File Download
i-doit CMDB 1.12 - SQL Injection
Horde Imp - 'imap_open' Remote Command Execution
Modern POS 1.3 - Arbitrary File Download
Modern POS 1.3 - SQL Injection
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Find a Place CMS Directory 1.5 - SQL Injection
Cleanto 5.0 - SQL Injection
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
HealthNode Hospital Management System 1.0 - SQL Injection
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
ThinkPHP 5.X - Remote Command Execution
Real Estate Custom Script 2.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
AudioCode 400HD - Command Injection
2019-01-15 05:01:52 +00:00

32 lines
No EOL
1.3 KiB
Text
Raw Blame History

#Exploit Title: Across DR-810 ROM-0 Backup - File Disclosure(Sensitive Information)
#Date: 2019-01-11
#Exploit Author: SajjadBnd
#My Email: blackwolf@post.com
#Vendor Homepage: http://www.ac.i8i.ir/
#Version: DR-810
#Tested on: DR-810
#RomPager/4.07 UPnP/1.0
[+] About
==========
this hardware is a SIM card modem , This modem is being installed in Iran and sold with the SIM card
i8i.ir An internet site that sells products like SIM-card modems This modem has sold countless And on the main page of the site wrote:
SIM modems are used in a variety of ways and for similar uses, and depending on the features and quality, they have a variety of prices.
In this site, you will be familiar with the five modem and router sim-modem groups, which you can consult with us to choose the best option for you, and choose one of them.
[+] Rom-0 Backup File Disclosure
=================================
A dangerous vulnerability present on many network devices which are using
RomPager.The rom-0 file contains sensitive information such as the router password.
There is a disclosure in which anyone can download that file without any authentication by
a simple GET request.
[+] POC
========
just add /rom-0 to your target address
rom-0 Backup File will be downloaded
http://target/rom-0
then you can Decompressed the file and get password
Reference in a new issue View git blame Copy permalink