WebBox-20
tcp/8081
An attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system.
This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
https://www.acunetix.com/websitesecurity/directory-traversal/
Severity: critical
Fingerprint: ac4d53c4832b2491c591c07df231d2bcf231d2bc8117f206b4436c27ccc1d846
Found host file trough Directory traversal: 127.0.0.1 localhost # the following lines are desirable for ipv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 127.0.1.1 gwg
Open service 149.210.89.137:8081
2024-09-11 15:18
HTTP/1.1 200 Server: WebBox-20 Cache-Control: max-age=3600, s-maxage=3600 Date: Wed, 11 Sep 2024 15:18:58 GMT Connection: keep-alive ETag: Monday, January 01, 2001 Last-Modified: Mon, 01 Jan 2001 00:45:18 GMT Expires: Content-Type: text/html; charset=utf-8 Content-Length: 443 Page title: SMA Sunny Webbox <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <head> <meta http-equiv="refresh" content="0; URL=/culture/index.dml"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>SMA Sunny Webbox</title> <link rel="SHORTCUT ICON" href="../img/favicon.ico"> </head> <body class="no_navi""> </body> </html>
Open service 149.210.89.137:80
2024-09-10 17:47
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 49414 Set-Cookie: JSESSIONID=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; HttpOnly Connection: close <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <head> <link rel="shortcut icon" type="image/x-icon" href="../img/favicon.ico"> <link rel="stylesheet" href="../css/main.css"> <link rel="stylesheet" href="../css/login.css"> <link rel="stylesheet" href="../css/jquery.tp.min.css"> <script src="../js/jquery-1.8.3.min.js"></script> <script src="../js/oid_str.js"></script> <script src="../js/encrypt.js"></script> <script src="../js/lib.js"></script> <script>INCLUDE_MULTI_LANGUAGE?($.loadScript("../locale/language.js"),$.loadScript("../js/locale.js")):$.loadScript("../js/str.js"),INCLUDE_LOGIN_GDPR_ENCRYPT&&($.loadScript("../js/cryptoJS.min.js"),$.loadScript("../js/tpEncrypt.js"))</script> <script src="../js/jquery.tp.min.js"></script> <!--[if lte IE 8]> <link href="./css/ie.css" rel="stylesheet" type="text/css"/> <style type="text/css"> .input-err-container .input-err-delta, #pc-scroll div.widget-error-tips span.widget-error-tips-delta { top: 4px; left: 96px; } .input-container .input-err-container, .button-error-tips { left: -11px; top: 30px; } .input-container .input-wrapper { border-color: #b3b6b6; } .input-container.focus .input-wrapper { border-color: #74ccd1; } .input-container.err .input-wrapper { border-color: #c11c66; } button.button-button { background: url("../img/ie.png") no-repeat -255px -32px; } button.button-button:hover { background: url("../img/ie.png") no-repeat 0px -32px; } #pc-scroll div.widget-error-tips div.widget-error-tips-wrap, .input-err-container .input-err-content { border: 0; box-shadow: none; } .shadow-top { background: url("../img/ie-01.png") repeat-x 0 -5px; top: -13px; left: 0; height: 13px; margin: 0 17px 0 17px; } .shadow-bot { background: url("../img/ie-01.png") repeat-x center bottom; bottom: -13px; left: 0; height: 13px; margin: 0 17px 0 17px; } .shadow-top-left, .shadow-top-right, .shadow-bot-left, .shadow-bot-right { position: absolute; width: 17px; height: 11px; background: url(../img/ie-06.png) no-repeat 0px -56px; } .shadow-top-left { background-position: 0px -56px; left: 4px; top: 4px; } .shadow-top-right { background-position: 0px -38px; right: 0; top: 3px; } .shadow-bot-left { background-position: 0px -76px; left: 3px; bottom: 8px; } .shadow-bot-right { background-position: 0px -95px; right: 0; bottom: 8px; } .shadow-left { padding-left: 11px; background: url(../img/ie-02.png) no-repeat 0px 0px; } .shadow-right { padding-right: 11px; background: url(../img/ie-02.png) no-repeat center right; } </style> <![endif]--> </head> <body> <div id="cover" class="nd"></div> <div id="mask" class="mask"></div> <span class="load" style="display:none">for cache</span> <div id="pc-div" class="nd"> <div id="pc-top"> <div id="pc-top-container"> <a id="pc-top-product" href="http://www.tp-link.com" target="_blank"> <span class="icon-logo"></span> </a> <div id="pc-top-country" class="top-country nv"> <select id="top-country" class="top-country-select"> </select> </div> </div> </div> <di