/////ZTE MF65 -- local file listing method 3(LFLM )The Full Package /////

/////ZTE MF65 -- local file listing method 3(LFLM )The Full Package /////

another super quick one for a even better listing in the web application with the ability to change your path via the sd card settings, we use the exploit from last time to gain a web app access to the web folder, this time though we have a little bit more work to do, so here we go from the start :


POST /goform/goform_set_cmd_process HTTP/1.1
Host: 192.168.0.1

isTest=false&goformId=HTTPSHARE_AUTH_SET
&HTTP_SHARE_STATUS=Enabled
&HTTP_SHARE_WR_AUTH=readWrite
&HTTP_SHARE_FILE=..%2Fweb%2F


using the HTTP_SHARE_FILE= param we can change the displayed folders in the sd card manager,
you will need to be logged in for this method.

so your work flow is:
  1. login
  2. send request to change path 
  3. logout
use the httpguest button to see the files

now we will navigate to web/js/config/ then we will download the config.js file and change the line :

 SD_BASE_PATH: /mmc2/

to

 SD_BASE_PATH: /

and reupload it as what ever name you would like i did config.js.1
 and then rename the original config.js then rename the new config to replace the old one now refresh your page and check you sd card settings page to see the changes,

I must warn against changes of //web/js/config/config.js
Line : SD_BASE_PATH: /mmc2/
 
Against any directory transversals. in any sense or method as they will not work...

any changes to this path that will reflect as " "(an empty path) will render the online sd functions unusable and returning to normal operation at this point is not available via the methods we can employ.. (we need telnet)

so don't upload the file with  /mmc2/../ or anything like that,

till next time,
shoot straight,
FrankSxx

Comments

Post a Comment

Popular posts from this blog

f@st3864 Telnet/Serial

f@st3864 Telnet/Serial R.e F@st3864v2 Optus F@st3864 The quickest way to openly access this routers administration tools is to log in via http://192.168.0.1/main.html?loginuser=0 logging in with the default admin/Y3s0ptus loginuser=0 ***support/support ***loginuser=1 ***user/user*****loginuser=2 ***To Activate telnet*** going to management/system settings " download this file " sysinfo.f24 open the file in notepad the file splits into two sections the section we want is headed by backup config: <?xml version="1.0"?> <DslCpeConfig version="3.0"> and closed by </InternetGatewayDevice> </DslCpeConfig> so by copying all the xml information between these two points and pasting into a new notepad you have created our new backup file, before we save it and close find <X_GVT_Telnet_Enable>FALSE</X_GVT_Telnet_Enable> Change FALSE to TRUE then save the file as backupconfig.xml then use this XML file to update the settings, also i
Read more

ZTE MF910V Root exploit

ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v  This guide exists in both linux and windows format Please follow the instructions as per O/S or untill instructions converge |+++++++++++++++++++++++++++++++++++++| Default credentials: For ZTE MF910/ZTE910B/ZTE MF910V/Telstra MF910v root:oelinux123 Web Interface Password: password |+++++++++++++++++++++++++++++++++++++| Getting Setup: Download the mode switch html to run locally: http://lopoteam.com/3AY9 Also ensure you have ADB (Android Debug Bridge) installed on your computer: ADB: Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip http://lopoteam.com/37Bw Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip http://lopoteam.com/37Ac |+++++++++++++++++++++++++++++++++++++| Lets Begin |+++++++++++++++++++++++++++++++++++++| Plug your device into the computer to download drivers. Linux: Open Terminal cd (*a
Read more

ZTE MF910V Mode Switch / ADB Enable / AT Commands / Debug

ZTE MF910V Mode Switch / ADB Enable / AT Commands / Debug AT mode : /goform/goform_set_cmd_process?goformId=SET_DEVICE_MODE&debug_enable=X Change X to either 0 or 1 this enables and disables qualcomm services, Debub / Adb :  /goform/goform_set_cmd_process?goformId=USB_MODE_SWITCH&usb_mode=X Change X to be the value matching the desired mode. 1-4 is RNDIS 5 is CDC 6 is ADB. or this page is uploaded to any web dir: UPDATED(2017) Download this file: tools.html Upload it to any directory and use it to switch thru modes via html
Read more