Friday, January 24, 2020

[ INTELLIAN ] Multiple vulnerabilities in technology #Intellian (CVE-2019-17269, CVE-2020-7980, CVE-2020-7999, CVE-2020-8000, CVE-2020-8001)




"Intellian Aptus Web"

Vulnerabilities identified
1) Hardcoded credentials (CVE-2020-8000)

Path, Resource: http://<host>/include_js/bim_web_svc_auth.js?



2) RCE (CVE-2020-7980)
Reference:  https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html


Exploitable path: http://<host>/cgi-bin/libagent.cgi?type=J
Vulnerable variable: Q


PoC: request to the web service









Tested on:

"Intellian, Aptus Web V100 v1.24"
"Intellian, Aptus Web V80 v1.24"



"Intellian APTUS Mobile App"


















PoC with app version: 1.0.2

Static analysis (only decompiling the "*.apk").


Decompile the code with tools: "jadx-gui" and MobSF



Vulnerabilities identified

1) Hardcoded credentials (CVE-2020-8001)



Testing/checking the credentials:

  • user: masteruser
  • pass: intellian





2) Hardcoded API key (CVE-2020-7999)

package: com.uniwebs.network.define; class: UpdateProtocol()







public static String DOWNLOAD_API_KEY = "F4O5c7wGpOk8lmevm6LoWAXeIx6In+Qi";
public static String FILE_DOWNLOAD_API_KEY = "SdAXizuDB4STYpcxRwWwsA==";
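
A developer can run the same check on their own decompiled build before release. The following is an added example, not code from the original post or from Intellian: it scans jadx-style Java output for string constants that look like embedded keys. The function names, thresholds, class wrapper and the `UPDATE_PATH` / `HEADER_VALUE` lines are assumptions made for the example; only the two key constants come from this post.

```python
import math
import re
from collections import Counter

# Java string constant, e.g.  public static String NAME = "value";
CONST_RE = re.compile(r'\bString\s+(?P<name>\w+)\s*=\s*"(?P<value>[^"\\]*)"\s*;')
SECRET_NAME_RE = re.compile(r"(?i)(api_?key|secret|passw|token)")
BASE64ISH_RE = re.compile(r"^[A-Za-z0-9+/]{20,}={0,2}$")

def shannon_entropy(value):
    """Bits per character; random keys score higher than paths or words."""
    if not value:
        return 0.0
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def find_hardcoded_secrets(java_source, min_entropy=4.0):
    """Return (line_no, constant_name, reason) for each suspicious constant."""
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        for m in CONST_RE.finditer(line):
            name, value = m.group("name"), m.group("value")
            if not value:
                continue
            if SECRET_NAME_RE.search(name):
                findings.append((line_no, name, "secret-like name"))
            elif BASE64ISH_RE.match(value) and shannon_entropy(value) >= min_entropy:
                findings.append((line_no, name, "high-entropy base64-like value"))
    return findings

# The two key constants are the ones quoted in this post; the class wrapper and
# the UPDATE_PATH / HEADER_VALUE lines are constructed for the example.
SAMPLE = '''package com.uniwebs.network.define;
public class UpdateProtocol {
    public static String DOWNLOAD_API_KEY = "F4O5c7wGpOk8lmevm6LoWAXeIx6In+Qi";
    public static String FILE_DOWNLOAD_API_KEY = "SdAXizuDB4STYpcxRwWwsA==";
    public static String UPDATE_PATH = "/update/check";
    public static String HEADER_VALUE = "Zx81QmPq7Lr2Vd9TyKc4Nw6B";
}
'''

if __name__ == "__main__":
    for line_no, name, reason in find_hardcoded_secrets(SAMPLE):
        print(f"line {line_no}: {name} ({reason})")
```

Any constant it reports should be moved out of the client and issued per device or per session by the server, since anything shipped in the APK can be read by decompiling it.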




"Intellian Remote Access" 


The web application used to manage and administer Intellian's satellite terminals has a critical (and easy to exploit) vulnerability: the application allows remote command execution (RCE).



RCE (CVE-2019-17269)

In the wild!
Shodan dork: title:"Intellian Remote Access"










Access to device:


FTP



SSH








WEB:

***





RCE: step by step

1)




a) Problem!


b) No problem :)








Easy tool!











Regards,

Ezequiel
