admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 02:31:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-28149

Browse Source
This commit is contained in:
xiaoheihei1107 2021-08-14 18:33:25 +08:00 committed by GitHub
parent d7941364a8
commit b418752bef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Hongdian/CVE-2021-28149/README.md Normal file
View File

@ -0,0 +1,11 @@
# Hongdian H8922 Arbitrary File Read (CVE-2021-28149)
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
FOFA **query rule**: [banner="WWW-Authenticate: Basic realm=" && banner="Server Status"](https://fofa.so/result?qbase64=YmFubmVyPSJXV1ctQXV0aGVudGljYXRlOiBCYXNpYyByZWFsbT0iICYmIGJhbm5lcj0iU2VydmVyIFN0YXR1cyI%3D)
# Demo
![](Hongdian_H8922_Arbitrary_File_Read_CVE_2021_28149.gif)