4f2cf56b31
11 changes to exploits/shellcodes Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection OpenSIS 8.0 'modname' - Directory Traversal Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload Budget and Expense Tracker System 1.0 - Arbitrary File Upload FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting Jetty 9.4.37.v20210219 - Information Disclosure Clinic Management System 1.0 - SQL injection to Remote Code Execution Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated) Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)
118 lines
No EOL
4.3 KiB
Text
118 lines
No EOL
4.3 KiB
Text
# Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
|
|
# Date: 25.07.2021
|
|
# Exploit Author: LiquidWorm
|
|
# Vendor Homepage: https://www.fatpipeinc.com
|
|
|
|
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)
|
|
|
|
|
|
Vendor: FatPipe Networks Inc.
|
|
Product web page: https://www.fatpipeinc.com
|
|
Affected version: WARP / IPVPN / MPVPN
|
|
10.2.2r38
|
|
10.2.2r25
|
|
10.2.2r10
|
|
10.1.2r60p82
|
|
10.1.2r60p71
|
|
10.1.2r60p65
|
|
10.1.2r60p58s1
|
|
10.1.2r60p58
|
|
10.1.2r60p55
|
|
10.1.2r60p45
|
|
10.1.2r60p35
|
|
10.1.2r60p32
|
|
10.1.2r60p13
|
|
10.1.2r60p10
|
|
9.1.2r185
|
|
9.1.2r180p2
|
|
9.1.2r165
|
|
9.1.2r164p5
|
|
9.1.2r164p4
|
|
9.1.2r164
|
|
9.1.2r161p26
|
|
9.1.2r161p20
|
|
9.1.2r161p17
|
|
9.1.2r161p16
|
|
9.1.2r161p12
|
|
9.1.2r161p3
|
|
9.1.2r161p2
|
|
9.1.2r156
|
|
9.1.2r150
|
|
9.1.2r144
|
|
9.1.2r129
|
|
7.1.2r39
|
|
6.1.2r70p75-m
|
|
6.1.2r70p45-m
|
|
6.1.2r70p26
|
|
5.2.0r34
|
|
|
|
Summary: FatPipe Networks invented the concept of router-clustering,
|
|
which provides the highest level of reliability, redundancy, and speed
|
|
of Internet traffic for Business Continuity and communications. FatPipe
|
|
WARP achieves fault tolerance for companies by creating an easy method
|
|
of combining two or more Internet connections of any kind over multiple
|
|
ISPs. FatPipe utilizes all paths when the lines are up and running,
|
|
dynamically balancing traffic over the multiple lines, and intelligently
|
|
failing over inbound and outbound IP traffic when ISP services and/or
|
|
components fail.
|
|
|
|
FatPipe IPVPN balances load and provides reliability among multiple
|
|
managed and CPE based VPNs as well as dedicated private networks. FatPipe
|
|
IPVPN can also provide you an easy low-cost migration path from private
|
|
line, Frame or Point-to-Point networks. You can aggregate multiple private,
|
|
MPLS and public networks without additional equipment at the provider's
|
|
site.
|
|
|
|
FatPipe MPVPN, a patented router clustering device, is an essential part
|
|
of Disaster Recovery and Business Continuity Planning for Virtual Private
|
|
Network (VPN) connectivity. It makes any VPN up to 900% more secure and
|
|
300% times more reliable, redundant and faster. MPVPN can take WANs with
|
|
an uptime of 99.5% or less and make them 99.999988% or higher, providing
|
|
a virtually infallible WAN. MPVPN dynamically balances load over multiple
|
|
lines and ISPs without the need for BGP programming. MPVPN aggregates up
|
|
to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed
|
|
you need to keep your VPN up and running despite failures of service, line,
|
|
software, or hardware.
|
|
|
|
Desc: The application has a hidden administrative account 'cmuser' that has
|
|
no password and has write access permissions to the device. The user cmuser
|
|
is not visible in Users menu list of the application.
|
|
|
|
Tested on: Apache-Coyote/1.1
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2021-5684
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php
|
|
|
|
|
|
30.05.2016
|
|
25.07.2021
|
|
|
|
--
|
|
|
|
|
|
Overview:
|
|
FatPipe Central Manager is a secure web based solution providing a centralized solution
|
|
to manage FatPipe's suite of WAN reliability and optimization products. Central Manager
|
|
allows you to configure, manage and monitor FatPipe's patented MPSec technology at the
|
|
click of a button.
|
|
|
|
Central Manager = cmuser.
|
|
Once authenticated, you get admin rights.
|
|
|
|
HTTP/1.1 200 OK
|
|
Server: Apache-Coyote/1.1
|
|
Strict-Transport-Security: max-age=31536000
|
|
X-Frame-Options: DENY
|
|
X-Content-Type-Options: nosniff
|
|
X-XSS-Protection: 1; mode=block
|
|
Content-Type: application/json;charset=ISO-8859-1
|
|
Content-Length: 118
|
|
Date: Fri, 06 Aug 2017 16:37:07 GMT
|
|
Connection: close
|
|
|
|
{"loginRes":"success","userName":"userName","userAccess":"writeAccess","activeUserName":"cmuser","message":"noError"} |