Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19492 PoC — FreeSWITCH 信任管理问题漏洞

Source
https://github.com/Chocapikk/CVE-2019-19492
Associated Vulnerability
Title:FreeSWITCH 信任管理问题漏洞 (CVE-2019-19492)
Description:FreeSWITCH是美国Anthony Minessale软件开发者的研发的一套免费、开源的通信软件。该软件可用于创建音、视频以及短消息类产品和应用。 FreeSWITCH 1.6.10版本至1.10.1版本中的event_socket.conf.xml文件存在信任管理问题漏洞,该漏洞源于程序没有正确验证用户输入。攻击者可借助特制输入利用该漏洞在系统上执行任意命令。
Description
FreeSWITCH Exploit (CVE-2019-19492)
Readme
# FreeSWITCH Exploit (CVE-2019-19492)

This is an exploit script for FreeSWITCH vulnerabilities by Chocapikk and TrHacknon.

## Description

This script allows you to exploit FreeSWITCH vulnerabilities by executing remote commands. It supports exploitation of a single specified target or a list of targets specified in a file. It also has the ability to automatically generate a list of targets from Shodan.

## Prerequisites

- Python 3.6+
- `shodan` library (installed with `pip install shodan`)
- `rich` library (installed with `pip install rich`)
- `prompt_toolkit` library (installed with `pip install prompt_toolkit`)

## Usage

```
python exploit.py [--target TARGET --port PORT] [--list LIST] [--auto --pages PAGES] [--output FILE]
```

Options:
- `--target TARGET`: Specifies a single target IP to exploit.
- `--list LIST`: Specifies a file with a list of targets in the format ip:port. If port is not specified, default port will be used.
- `--port PORT`: Specifies a port for the target (default: 8021).
- `--auto`: Automatically generates a list of targets from Shodan.
- `--pages PAGES`: Specifies the number of pages for Shodan search (default: 1).
- `--output FILE`: Specifies the output file for storing the vulnerable targets.

If you use the `--target TARGET` or `--list LIST` option, the script will attempt to exploit the specified target(s).

If you use the `--auto` option, the script will automatically generate a list of targets from Shodan and attempt to exploit each target.

## Notes

- Make sure you have set your Shodan API key as the `SHODAN_API_KEY` environment variable.
- This tool is meant for educational purposes only. Misuse of this tool is strictly prohibited.

## Dorks

- Zoomeye: `service:"freeswitch-event"`
- Shodan: `product:"FreeSWITCH mod_event_socket` or `port:8021 Content-Type: auth/request`

## Warning

This script is provided for educational and ethical testing purposes only. Using this script for malicious activities is strictly prohibited. The authors, Chocapikk and TrHacknon, are not responsible for any misuse or illegal activities.

## Authors

- Chocapikk
- TrHacknon
File Snapshot

 [4.0K]  /data/pocs/2e87a3289882c608499a7e7574e37e9498662b27
├── [9.8K]  exploit.py
├── [ 289]  parser_zoomeye.py
├── [2.1K]  README.md
└── [  51]  requirements.txt

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.