关联漏洞
Description
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
介绍
# 🚀 CVE-2024-29269 Exploit
This repository contains an exploit for the CVE-2024-29269 vulnerability, which allows unauthenticated OS command execution on TLR-2005KSH routers. This exploit leverages the vulnerability to execute arbitrary commands on the affected routers.
## ✨ Features
- 🔄 Interactive mode to execute commands interactively on a single URL.
- 📂 Batch mode to scan multiple URLs from a file.
- 📝 Output results to a file.
- 📊 Progress bar to track the progress of batch scanning.
## 📦 Installation
### Install Requirements
Clone the repository and install the required packages using `pip`:
```bash
git clone https://github.com/Chocapikk/CVE-2024-29269
cd CVE-2024-29269
pip install -r requirements.txt
```
## 🔍 Usage
### Interactive Mode
Execute commands interactively on a single URL:
```bash
python exploit.py -u http://example.com
```
### Batch Mode
Scan multiple URLs from a file:
```bash
python exploit.py -f urls.txt -t 50 -o results.txt
```
## 🌐 Dork
Use the following ZoomEye dork to find potentially vulnerable devices:
```text
title:"Login to TLR-2005KSH"
```
[LeakIX Search Results](https://leakix.net/search?scope=service&q=%22Login+to+TLR-2005KSH%22)
[ZoomEye Search Results](https://www.zoomeye.hk/searchResult?q=title%3A%22Login+to+TLR-2005KSH%22&page=2&pageSize=10)
## ⚠️ Disclaimer
This tool is intended for educational purposes only. Use it at your own risk and only on systems you have permission to test. Unauthorized access to computer systems is illegal.
文件快照
[4.0K] /data/pocs/ec141b1f90652526d1e80c08f60e9ea2ea716bb9
├── [6.8K] exploit.py
├── [ 40K] leakix.png
├── [1.6K] README.md
├── [ 80] requirements.txt
└── [ 39K] zoomeye.png
0 directories, 5 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。