An attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system.
This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
https://www.acunetix.com/websitesecurity/directory-traversal/
Severity: critical
Fingerprint: ac4d53c4832b2491c591c07df231d2bcf231d2bc8117f206b4436c27ccc1d846
Found host file trough Directory traversal: 127.0.0.1 localhost # the following lines are desirable for ipv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 127.0.1.1 gwg
Open service 149.210.72.216:8081
2024-09-11 03:15
HTTP/1.1 302 Redirect Date: Wed Sep 11 03:15:06 2024 Content-Length: 209 Connection: close Location: ./login.asp X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' <html><head></head><body> This document has moved to a new location</a>. Please update your documents to reflect the new location. </body></html>
Open service 149.210.72.216:80
2024-09-11 01:58
HTTP/1.1 200 OK Connection: close ETag: "d95-202-643f8df2" Last-Modified: Wed, 19 Apr 2023 06:45:06 GMT Date: Sun, 08 Sep 2024 10:35:18 GMT Content-Type: text/html Content-Length: 514 <!DOCTYPE html> <head> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate"> <meta http-equiv="expires" content="Wed, 26 Feb 1970 00:00:01 GMT"> <script language="javascript" type="text/javascript"> window.location.href="/cgi-bin/luci"; </script> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <noscript><meta http-equiv="refresh" content="0; url=/" /></noscript> </head> <a style="text-decoration: none" href="/"></a> </html>
Open service 149.210.72.216:8080
2024-09-09 17:42
HTTP/1.1 200 OK Connection: close ETag: "d95-202-643f8df2" Last-Modified: Wed, 19 Apr 2023 06:45:06 GMT Date: Sat, 07 Sep 2024 02:18:49 GMT Content-Type: text/html Content-Length: 514 <!DOCTYPE html> <head> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate"> <meta http-equiv="expires" content="Wed, 26 Feb 1970 00:00:01 GMT"> <script language="javascript" type="text/javascript"> window.location.href="/cgi-bin/luci"; </script> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <noscript><meta http-equiv="refresh" content="0; url=/" /></noscript> </head> <a style="text-decoration: none" href="/"></a> </html>