Created
January 16, 2025 10:48
-
-
Save s4fv4n/56c326450dcb3ab808b5ce8242a11e30 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE ID: CVE-2024-57785 | |
| Vulnerability Title: Authenticated Local File Inclusion Vulnerability on Zenitel AlphaWeb XE v11.2.3.10 | |
| Description: | |
| Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. | |
| VulnerabilityType Other: | |
| Local File Inclusion Vulnerability | |
| Vendor of Product: | |
| Zenitel | |
| Affected Product Code Base: | |
| Zenitel AlphaWeb XE - Version 11.2.3.10 | |
| Affected Component: | |
| Affected URL: http://<ip address>/php/amc_uploads.php?action=readlog&file=/etc/passwd | |
| Attack Type: | |
| Remote | |
| Impact Information Disclosure: | |
| true | |
| Attack Vectors: | |
| Steps to Reproduce: | |
| Step 1: Authenticate to the Zenitel AlphaWeb XE web application Version 11.2.3.10. (can use the default username 'admin' and password 'alphaadmin' for authentication). | |
| Step2 : After login to the Zenitel AlphaWeb XE web application, navigate to the URL "http://<ip address>/php/amc_uploads.php?action=readlog&file=/etc/passwd" and we will be able to successfully access the /etc/passwd file. | |
| Step 3: We can even access the /etc/shadow file which contains the local user password hashes by using the URL "http://<ip address>/php/amc_uploads.php?action=readlog&file=/etc/shadow". | |
| Step 4: Then we can try to crack these passwords to access the linux system. | |
| Reference: | |
| https://www.zenitel.com/ | |
| Discoverer: | |
| Safvan Parakkal from MoroHub | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment