Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-6987 PoC — Synology DiskStation Manager ‘FileBrowser’组件目录遍历漏洞

Source
https://github.com/stoicboomer/CVE-2013-6987
Associated Vulnerability
Title:Synology DiskStation Manager ‘FileBrowser’组件目录遍历漏洞 (CVE-2013-6987)
Description:Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
Description
exploit for DNS 4.3
Readme
# CVE-2013-6987

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) 

# Usage:

	python <file.py> <SynoToken> <path>
	
	example:
		#list filesystem
		python file_list.py ABCDFEGH1234 /home/../../../../
File Snapshot

 [4.0K]  /data/pocs/72de6497c6aa04cd13e09cd323949524955d810c
├── [ 582]  file_delete.py
├── [ 507]  file_download.py
├── [1.9K]  file_list.py
└── [ 377]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →