Hello there , we hope you doing well .

2 days ago one my friends gave us a Seowon Slc-130 as a gift but unfortunately the Sim card that he had put in that devices has no internet subscription :D

so we were bored and we just thought that let’s take a look at the Web Interface of this device …

the default username/password was admin/admin so we just logged in and start crawling all the sections of the web interface .

Image for post
Image for post

during crawling we saw an interesting point that the Web App takes an IP Address from me and just trying to Ping/Traceroute to it , we tried to append a Linux command to it with a Linux command separator ( like && , ; ) and we saw that the output of my commands is reflecting into the screen…

About

Milad Soltanian