Compro Technology IP Camera – ‘killps.cgi’ Denial of Service (DoS)

Exploit Database
15 阅读

作者： icekam

日期： 2021-09-02
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/50250/

# Exploit Title: Compro Technology IP Camera - 'killps.cgi' Denial-of-Service (DoS)
# Date: 2021-09-30
# Exploit Author: icekam,xiao13,Rainbow,tfsec
# Software Link: http://www.comprotech.com.hk/
# Version: Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540
# CVE : CVE-2021-40378

There is a backdoor prefabricated in the device in this path. Accessing the
file through the browser after logging in will cause the device to delete
all data (including the data of the camera itself).

Payload:Visit this page after logging in
/cgi-bin/support/killps.cgi

please refer to:
https://github.com/icekam/0day/blob/main/Compro-Technology-Camera-has-multiple-vulnerabilities.md

last Exploits
Compro Technology IP Camera – ‘killps.cgi’ Denial of Service (DoS)的更多信息

PHPValley Micro Jobs Site Script – Spoofing：
Websense 7.6 Triton – ‘ws_irpt.exe’ Remote Command Execution：
Video WiFi Transfer 1.01 – Directory Traversal：
Supernews 2.6.1 – SQL Injection：
Xoops CMS 2.5.10 – Stored Cross-Site Scripting (XSS) (Authenticated)：
PHP-SecureArea < 2.7 - Multiple Vulnerabilities：
Online Student Enrollment System 1.0 – Unauthenticated Arbitrary File Upload：
Cisco Adaptive Security Appliance – Path Traversal (Metasploit)：