f0d075a5de
6 changes to exploits/shellcodes Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection Zabbix Agent 3.0.1 - mysql.size Shell Command Injection Zabbix Agent 3.0.1 - 'mysql.size' Shell Command Injection Cisco IOS 12.2 < 12.4 / 15.0 < 15.6 - Security Association Negotiation Request Device Memory Technicolor DPC3928SL - SNMP Authentication Bypass Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Netcore / Netis Routers - UDP Backdoor NETGEAR R7000 - Command Injection NETGEAR R7000 - Command Injection (PoC) Conarc iChannel - Improper Access Restrictions
30 lines
No EOL
1.2 KiB
Text
30 lines
No EOL
1.2 KiB
Text
# Exploit Title: Conarc iChannel - Unauthenticated Access/Default Webserver Misconfiguration allows for compromise of server
|
|
# Date: 2017-12-19
|
|
# Exploit Author: Information Paradox
|
|
# CVE : CVE-2017-17759
|
|
|
|
|
|
https://(affectedserver)/wc.dll?wwMaint~EditConfig
|
|
|
|
The customized webserver used by iChannel is based on an outdated and
|
|
vulnerable version of WestWind Webserver. This page is available,
|
|
unauthenticated, to a malicious attacker.
|
|
|
|
By visiting this link, the attacker can access the webserver configuration
|
|
edit page. This page reveals sensitive information, allows for alteration
|
|
of the webserver configuration, upload/modification of the server's
|
|
configuration and can result in a Denial of Service attack by deleting the
|
|
configuration.
|
|
|
|
This has been acknowledged by Conarc and they have been notified of the
|
|
impact.
|
|
If your iChannel install is available publicly, this can result in complete
|
|
compromise of the server, the web application and severe information
|
|
leakage/DOS.
|
|
|
|
Resolution:
|
|
|
|
Conarc has been notified of this issue. Until this issue is patched, the
|
|
affected installs should be removed from public access. In the case of
|
|
private deployments, this page should have an ACL applied to prevent
|
|
unauthenticated access to this page. |