Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
Posted by deepcore on June 5, 2020 – 5:23 pm
Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit configuration files on the system through the CGI executable edit_config_files in /cgi-bin/cgix/. The files that may be modified (read/write/delete) are meant to be limited to those in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape this restriction by supplying an absolute path, and then read, write and delete arbitrary files on the system.
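The containment check that this class of bug lacks, as an added example: it is not SnapGear code, and the page does not show how edit_config_files builds its paths. The function names and the join-based "naive" pattern are assumptions, and the check goes beyond the absolute-path case to cover `..` segments and symlinks as well.

```python
import os
import tempfile

def naive_resolve(base, requested):
    # Assumed flawed pattern: os.path.join discards `base` entirely
    # when `requested` is an absolute path.
    return os.path.join(base, requested)

def safe_resolve(base, requested):
    """Return the real path of `requested` inside `base`, or raise ValueError."""
    if not requested or "\x00" in requested:
        raise ValueError("empty or malformed file name")
    if os.path.isabs(requested):
        raise ValueError("absolute paths are not accepted")
    base_real = os.path.realpath(base)
    # realpath collapses ".." segments and follows symlinks before comparing.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if candidate == base_real:
        raise ValueError("a file name is required, not the directory itself")
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path resolves outside the configuration directory")
    return candidate

def is_allowed(base, requested):
    try:
        safe_resolve(base, requested)
        return True
    except ValueError:
        return False

def demo():
    # Constructed directory tree standing in for /etc/config on the device.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "etc", "config")
        os.makedirs(base)
        outside = os.path.join(root, "etc", "outside.conf")
        open(outside, "w").close()
        os.symlink(outside, os.path.join(base, "link"))
        return {
            "naive_escapes": naive_resolve(base, outside) == outside,
            "plain": is_allowed(base, "resolv.conf"),
            "absolute": is_allowed(base, outside),
            "dotdot": is_allowed(base, "../outside.conf"),
            "symlink": is_allowed(base, "link"),
        }

if __name__ == "__main__":
    print(demo())
```

The check has to run server-side on the resolved path immediately before the read, write or delete; validating the name the client submits is not sufficient.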