CVE-2018-16706 PoC — LG SuperSign CMS 输入验证错误漏洞

Source

https://github.com/Nurdilin/CVE-2018-16706

Associated Vulnerability

Title:LG SuperSign CMS 输入验证错误漏洞 (CVE-2018-16706)
Description:LG SuperSign CMS是韩国乐金（LG）集团的一套针对LG webOS的内容管理系统。该系统支持连接外部数据库，并允许从移动设备访问服务器。 LG SuperSign CMS中存在安全漏洞。远程攻击者可通过向9080端口上的/qsr_server/device/reboot发送直接的HTTP请求利用该漏洞重启电视。

Description

Or how I turn off my TV via a cronjob

Readme

# CVE-2018-16706
Or how I turn off my TV 



$ nmap 192.168.1.55 -p 9080

PORT     STATE SERVICE
9080/tcp open  glrpc

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds


CVE Details
https://www.cvedetails.com/cve/CVE-2018-16706/

File Snapshot


 [4.0K]  /data/pocs/cff72bdff63b7294e48b35fc591961d72b84a846
├── [ 240]  README.md
└── [ 237]  reboot_tv.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!