Exploit NetAccess IP3 - (Authenticated) Ping Option Command Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
9688
Проверка EDB
  1. Пройдено
Автор
R00T
Тип уязвимости
LOCAL
Платформа
HARDWARE
CVE
cve-2006-2043
Дата публикации
2009-09-15
Код:
###############################################################
#NetAccess IP3 - Force into shell
#By: r00t
#Shouts: G., Tee, ES, s1ngl3, and D1g1t5
#
###############################################################
#Requirements: Remote access to an IP3
#              Any level control panel username/password
#
###############################################################
#Vendor Information:
#Thanks to Sebastian Wolfgarten (sebastian at wolfgarten dot com)
#for including vendor information in his AFD vuln
#
#"IP3's NetAccess is a device created for high demand environments such as
#convention centers or hotels. It handles the Internet access and
#provides for instance firewalling, billing, rate-limiting as well as
#various authentication mechanisms. The device is administrated via SSH
#or a web-based GUI."
#
###############################################################

1. SSH into the IP3's IP address
2. After logging in, select the "ping" option (usually menu item 5)
3. Ping the address: localhost && sh
4. After four pings to localhost, shell will be forced open

One may think there are limitations once logged into shell without
root access on an IP3.  Wrong.

# milw0rm.com [2009-09-15]
 
Источник
www.exploit-db.com

Похожие темы