Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload

Posted by deepcore on January 12, 2018 – 7:18 am

This Metasploit module exploits an unrestricted file upload vulnerability in Web Viewer 1.0.0.193 on Samsung SRN-1670D devices. The network_ssl_upload.php file allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing local file read vulnerability referenced by CVE-2015-8279, which allows remote attackers to read the web interface credentials by sending a request to: cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow phpCollab 2.5.1 Unauthenticated File Upload »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL