CVE-2018-15138 PoC — Ericsson-LG iPECS NMS 30M 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-15138.yaml

Associated Vulnerability

Title:Ericsson-LG iPECS NMS 30M 路径遍历漏洞 (CVE-2018-15138)
Description:Ericsson-LG iPECS NMS 30M是韩国Ericsson-LG公司的一套网络管理解决方案。 Ericsson-LG iPECS NMS 30M中存在目录遍历漏洞。攻击者可借助ipecs-cm/download?filename=../ URIs利用该漏洞获取敏感信息（配置文件）。

Description

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs.

File Snapshot


 id: CVE-2018-15138

info:
  name: LG-Ericsson iPECS NMS 30M - Local File Inclusion
  author: 0x_Akok

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!